Quiz Entry - updated: 2026.07.14
Which hash functions (MDCs) are still approved for digital signatures as of 2023, and which ones are deprecated?
Only SHA-2 (256/384/512 bit) and SHA-3 (256/384/512 bit) are still approved for signatures. Everything else is deprecated.
| Algorithm | Output (bits) | Status |
|---|---|---|
| MD4, MD5 | 128 | Broken — must not be used |
| SHA-0 | 160 | Broken — must not be used |
| RIPEMD | 160 | Broken — must not be used |
| SHA-1 | 160 | No signatures! Still OK for HMAC per BSI guidance, but not recommended |
| SHA2-224, SHA3-224 | 224 | Not for signatures since 2023 (min. 240 bit required for collision attacks) |
| SHA-2 | 256, 384, 512 | Approved — min. 240 bit for signatures |
| SHA-3 | 256, 384, 512 | Approved — same as SHA-2 |
Key rule since 2023: Hash functions used for signatures must have at least 240 bits output (for collision resistance of at least 120 bits).
Tip: MD5 still appears in legacy systems like PRFs (pseudo-random functions), but never for integrity or signatures.
Go deeper:
SHA-2 (Wikipedia) — the currently dominant family (SHA-256/384/512), its variants and status.
NIST FIPS 202 — SHA-3 standard — the authoritative standard for the approved SHA-3 functions.