Google Works To Sunset SHA-1 In Chrome

  • #11
    Originally posted by RahulSundaram View Post
    No because https which is insecure lures users with a false sense of insecurity
    Most users have no sense of security anyway, and rubbish like secret questions and answers does far more to cause a false sense of security than SHA-1. A theoretically vulnerable algorithm that thus far has required enormous computing power to come close to a collision is better than requiring nothing more than to sit in between two hosts and collect the traffic.


    • #12
      Originally posted by opensource View Post
      What about git, is it there still considered ok?
      It's considered unsuited for crypto, but that doesn't mean it's not a perfectly adequate hashing algorithm for other purposes.


      • #13
        I don't know much about crypto algorithms, but from what I gather SHA1 is weak and unsuitable for signing. Should I be worried then? This, for instance, is Google's Gmail: "Signature algorithm SHA1withRSA" https://www.ssllabs.com/ssltest/anal...74.125.239.117


        • #14
          Originally posted by Delgarde View Post
          It's considered unsuited for crypto, but that doesn't mean it's not a perfectly adequate hashing algorithm for other purposes.
          No, I mean git uses sha1 internally (AFAIK).


          • #15
            Originally posted by halfmanhalfamazing View Post
            Originally posted by My8th View Post
            Do any common sites still use SHA-1?
            Healthcare.gov
            *goes to confirm*
            yep it does, however "This change is about SHA-1-signed certificates that don't expire until after 1 January 2017"
            The Healthcare.gov one expires now +1 year and 4 days, which would be in September of 2015


            • #16
              Originally posted by opensource View Post
              No, I mean git uses sha1 internally (AFAIK).
              Git SHA-1 usage isn't really a security-feature, it's just a hash that's very unlikely (virtually impossible) to produce accidental collisions.


              • #17
                Originally posted by kusma View Post
                Git SHA-1 usage isn't really a security-feature, it's just a hash that's very unlikely (virtually impossible) to produce accidental collisions.
                I guess so too.


                • #18
                  Originally posted by pqwoerituytrueiwoq View Post
                  *goes to confirm*
                  yep it does
                  *falls on the floor*

                  I was only kidding! LOLOL But I guess considering that the site was recently hacked, that just goes into the pot as one of the reasons.

                  Really, I guess I should be laughing because with government controlled healthcare, the joke is on us.


                  • #19
                    Originally posted by opensource View Post
                    No, I mean git uses sha1 internally (AFAIK).
                    Yes, that's why I said that. SHA-1 hashing isn't considered good enough for crypto these days, because finding collisions has become relatively computationally cheap, and the ability to deliberately find collisions for hashed passwords is a problem. But that doesn't matter for git, because it's not using SHA-1 for crypto (or for security in general)... it's just using it to generate a kind of identifier from the contents of a commit.

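What "an identifier from the contents of a commit" looks like in git's object format, as an added example that is not part of any post in this thread: the ID is SHA-1 over a type-and-size header plus the object body, and a commit body names its tree and parent by ID. The identity string and file contents are constructed sample values.

```python
import hashlib

# Constructed identity line (name, e-mail, timestamp, zone); not from the thread.
IDENT = "Example User <user@example.invalid> 1400000000 +0000"

def object_id(kind, body):
    """Git object ID: SHA-1 over the header '<kind> <size>' + NUL, then the body."""
    header = f"{kind} {len(body)}".encode() + b"\x00"
    return hashlib.sha1(header + body).hexdigest()

def tree_body(files):
    """Flat tree of regular files: '100644 <name>' + NUL + raw 20-byte blob ID each."""
    out = b""
    for name in sorted(files, key=str.encode):  # git orders entries by name bytes
        blob_id = bytes.fromhex(object_id("blob", files[name]))
        out += b"100644 " + name.encode() + b"\x00" + blob_id
    return out

def commit_id(files, parent, message, who=IDENT):
    """Commit ID covers the tree ID, the parent commit ID, identities and message."""
    lines = ["tree " + object_id("tree", tree_body(files))]
    if parent:
        lines.append("parent " + parent)
    lines += ["author " + who, "committer " + who, "", message]
    return object_id("commit", ("\n".join(lines) + "\n").encode())

if __name__ == "__main__":
    first = commit_id({"README": b"v1\n"}, None, "first")
    second = commit_id({"README": b"v2\n"}, first, "second")
    # Same content and message, but no parent: the ID changes too.
    rebased = commit_id({"README": b"v2\n"}, None, "second")
    print("blob     ", object_id("blob", b"hello world\n"))
    print("first    ", first)
    print("second   ", second)
    print("no parent", rebased)
```

Because each commit ID covers the tree ID and the parent ID, changing any file or any ancestor changes every later ID.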


                    • #20
                      Originally posted by My8th View Post
                      Do any common sites still use SHA-1?
                      https://www.sha2sslchecker.com/index.php/facebook.com (sha1WithRSAEncryption)

                      Other popular websites that are using sha1WithRSAEncryption...

                      NASA.gov

                      HSBC

                      Taobao

                      Most websites still using SHA1 from this list - http://en.wikipedia.org/wiki/List_of...pular_websites
