SHA256 Compatibility

The SHA-1 collision that Google and CWI Amsterdam successfully performed had immediate implications on the artifacts you store in your repositories. Effectively, it means that one artifact could impersonate another. In other words, you download an artifact you want, validate its integrity using its SHA1 checksum, but actually end up with a different artifact which exposes you to a whole world of potential vulnerabilities in your software.

To prevent this scenario, Artifactory’s SHA256 compatibility natively supports SHA256 checksums which offer an unbreakable level of security, so when you validate the integrity of a downloaded binary, you can be sure that its contents have not been tampered with.

What does SHA256 compatibility give you

Any artifact uploaded to a repository automatically has its SHA256 calculated, and the SHA256 values of the artifacts in your repositories can be used for a variety of functions:


With the current state of technology, SHA256 compatibility provides unequivocal validation of your binaries offering the highest level of security available in a repository manager today.