en

‫ Microsoft may block SHA1 certificates sooner than expected

Number: IRCNE2015112682

Date: 2015/11/11

According to “zdnet”, while about one-in-four encrypted websites are still using weak security certificates, Microsoft is considering taking matters into its own hands.

With the possibility of an attack becoming ever more possible, the software giant said in a blog post that it may consider moving up its deadline of deprecating old SHA1-based security certificates to June 2016.

That means sites running old certificates will be inaccessible, or difficult to access, from modern browsers.

Fellow browser maker Mozilla said last month that it may also deprecate support for older SHA1-based certificates as of July 2016.

Research published last month said a well-resourced attacker, such as an intelligence agency, could successfully create an SHA1 collision attack by the end of the year. That would mean a country like the US, Russia, or China -- or even a well-funded hacker -- could impersonate seemingly secure websites.

The good news is that SHA2, the newer and far stronger cryptographic algorithm, makes up about 75 percent of the encrypted web, and that figure is growing every month.


The Wall

No comments
You need to sign in to comment