Announcement

**jsw12** · 03 October 2014, 07:19 AM

Originally posted by gregordinary View Post

Just checked the following sites and they all have SHA-1 certs:
https://www.microsoft.com/en-us/default.aspx
https://www.bankofamerica.com/
https://www.yahoo.com/
https://www.google.com/ (Expires November 24, 2014)

SHA1 still makes up the overwhelming majority of SSL Certificates out there. Most CA's didn't start issuing SHA-2 certificates until earlier this year. I suspect some companies will be hesitant to jump to SHA2 since there are some compatibility issues especially with legacy systems like Windows Server 2003.

Socked!!! Socked!!! Socked!!!

I tested some other website on sha ssl checker tool - sha2sslchecker.com

Most popular websites still using sha1WithRSAEncryption

www.taobao.com
www.msn.com
www.amazon.com
www.hsbc.com
www.nasa.gov
www.facebook.com

If, SHA1 is risky and broken then why still using SHA1 certificate?

**jsw12** · 03 October 2014, 07:24 AM

Originally posted by gregordinary View Post

Just checked the following sites and they all have SHA-1 certs:

Your request has been blocked. This could be due to several reasons.

https://www.microsoft.com/en-us/default.aspx

Bank of America - Banking, Credit Cards, Loans and Merrill Investing

https://www.bankofamerica.com

What would you like the power to do? For you and your family, your business and your community. At Bank of America, our purpose is to help make financial lives better through the power of every connection.

Yahoo | Mail, Weather, Search, Politics, News, Finance, Sports & Videos

https://www.yahoo.com

Latest news coverage, email, free stock quotes, live scores and video are just the beginning. Discover more every day at Yahoo!

https://www.google.com (Expires November 24, 2014)

SHA1 still makes up the overwhelming majority of SSL Certificates out there. Most CA's didn't start issuing SHA-2 certificates until earlier this year. I suspect some companies will be hesitant to jump to SHA2 since there are some compatibility issues especially with legacy systems like Windows Server 2003.

socked!!! socked!!! socked!!!

I tested some other website on sha ssl checker tool - www.sha2sslchecker.com

Most popular websites still using sha1WithRSAEncryption

taobao | 淘寶

https://www.taobao.com

淘寶（Taobao）讓您隨心淘超值商品，爲您提供流行服飾、美妝洗護、3C數碼、大小家電、家俬家居、箱包皮具、運動戶外、五金工具、玩具等千萬件熱銷好貨，淘寶支持文字或圖片搜索商品。天貓淘寶海外作爲Taobao面向華人的跨境電商平台，覆蓋200多個國家和地區的消費者，其中核心站點包括：淘寶香港（taobao hk）、淘寶台灣（taobao tw）、淘寶澳門、淘宝新加坡、淘宝马来西亚、淘宝韩国（타오바오 사이트）、淘宝澳洲、淘宝加拿大、taobao world。

MSN | Outlook, Office, Skype, Bing, Breaking News, and Latest Videos

https://www.msn.com

Your customizable and curated collection of the best in trusted news plus coverage of sports, entertainment, money, weather, travel, health and lifestyle, combined with Outlook/Hotmail, Facebook, Twitter, Bing, Skype and more.

https://www.amazon.com

HSBC Group corporate website | HSBC Holdings plc

https://www.hsbc.com

HSBC, one of the largest banking and financial services institutions in the world, serves millions of customers through its three Global Businesses.

NASA

https://www.nasa.gov

NASA.gov brings you the latest news, images and videos from America's space agency, pioneering the future in space exploration, scientific discovery and aeronautics research.

Facebook - log in or sign up

https://www.facebook.com

Log into Facebook to start sharing and connecting with your friends, family, and people you know.

If, SHA1 is risky and broken then why still using SHA1 certificate?

**nanonyme** · 03 October 2014, 09:37 AM

Because said organizations think certs cost more than your privacy is worth

**curaga** · 03 October 2014, 03:19 PM

The sky is falling! The NSA has enough power to forge SHA-1 certs, so all these sites must buy new certs!!1 Oh wait, most of them are American companies, and the NSA has your data anyway.

Announcement

Google Works To Sunset SHA-1 In Chrome

Comment

Comment

Comment

Comment