Announcement

Collapse
No announcement yet.

Google Works To Sunset SHA-1 In Chrome

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Originally posted by gregordinary View Post
    Just checked the following sites and they all have SHA-1 certs:
    https://www.microsoft.com/en-us/default.aspx
    https://www.bankofamerica.com/
    https://www.yahoo.com/
    https://www.google.com/ (Expires November 24, 2014)

    SHA1 still makes up the overwhelming majority of SSL Certificates out there. Most CA's didn't start issuing SHA-2 certificates until earlier this year. I suspect some companies will be hesitant to jump to SHA2 since there are some compatibility issues especially with legacy systems like Windows Server 2003.
    Socked!!! Socked!!! Socked!!!

    I tested some other website on sha ssl checker tool - sha2sslchecker.com

    Most popular websites still using sha1WithRSAEncryption

    www.taobao.com
    www.msn.com
    www.amazon.com
    www.hsbc.com
    www.nasa.gov
    www.facebook.com

    If, SHA1 is risky and broken then why still using SHA1 certificate?

    Comment


    • #22
      Originally posted by gregordinary View Post
      Just checked the following sites and they all have SHA-1 certs:
      https://www.microsoft.com/en-us/default.aspx
      https://www.bankofamerica.com
      https://www.yahoo.com
      https://www.google.com (Expires November 24, 2014)

      SHA1 still makes up the overwhelming majority of SSL Certificates out there. Most CA's didn't start issuing SHA-2 certificates until earlier this year. I suspect some companies will be hesitant to jump to SHA2 since there are some compatibility issues especially with legacy systems like Windows Server 2003.

      socked!!! socked!!! socked!!!

      I tested some other website on sha ssl checker tool - www.sha2sslchecker.com

      Most popular websites still using sha1WithRSAEncryption

      www.taobao.com
      www.msn.com
      www.amazon.com
      www.hsbc.com
      www.nasa.gov
      www.facebook.com

      If, SHA1 is risky and broken then why still using SHA1 certificate?

      Comment


      • #23
        Because said organizations think certs cost more than your privacy is worth

        Comment


        • #24
          The sky is falling! The NSA has enough power to forge SHA-1 certs, so all these sites must buy new certs!!1 Oh wait, most of them are American companies, and the NSA has your data anyway.

          Comment

          Working...
          X