Announcement

Collapse
No announcement yet.

Google Works To Sunset SHA-1 In Chrome

Collapse
X
Collapse
 
  • Page of 3
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 template Next
  • curaga
    replied
    The sky is falling! The NSA has enough power to forge SHA-1 certs, so all these sites must buy new certs!!1 Oh wait, most of them are American companies, and the NSA has your data anyway.

    Leave a comment:

  • nanonyme
    replied
    Because said organizations think certs cost more than your privacy is worth

    Leave a comment:

  • jsw12
    replied
    Originally posted by gregordinary View Post
    Just checked the following sites and they all have SHA-1 certs:
    Your request has been blocked. This could be due to several reasons.
    https://www.microsoft.com/en-us/default.aspx

    Bank of America - Banking, Credit Cards, Loans and Merrill Investing
    https://www.bankofamerica.com
    What would you like the power to do? For you and your family, your business and your community. At Bank of America, our purpose is to help make financial lives better through the power of every connection.

    Yahoo | Mail, Weather, Search, Politics, News, Finance, Sports & Videos
    https://www.yahoo.com
    Latest news coverage, email, free stock quotes, live scores and video are just the beginning. Discover more every day at Yahoo!

    https://www.google.com (Expires November 24, 2014)

    SHA1 still makes up the overwhelming majority of SSL Certificates out there. Most CA's didn't start issuing SHA-2 certificates until earlier this year. I suspect some companies will be hesitant to jump to SHA2 since there are some compatibility issues especially with legacy systems like Windows Server 2003.

    socked!!! socked!!! socked!!!

    I tested some other website on sha ssl checker tool - www.sha2sslchecker.com

    Most popular websites still using sha1WithRSAEncryption

    taobao | 淘寶
    https://www.taobao.com
    淘寶(Taobao)讓您隨心淘超值商品,爲您提供流行服飾、美妝洗護、3C數碼、大小家電、家俬家居、箱包皮具、運動戶外、五金工具、玩具等千萬件熱銷好貨,淘寶支持文字或圖片搜索商品。天貓淘寶海外作爲Taobao面向華人的跨境電商平台,覆蓋200多個國家和地區的消費者,其中核心站點包括:淘寶香港(taobao hk)、淘寶台灣(taobao tw)、淘寶澳門、淘宝新加坡、淘宝马来西亚、淘宝韩国(타오바오 사이트)、淘宝澳洲、淘宝加拿大、taobao world。

    MSN | Outlook, Office, Skype, Bing, Breaking News, and Latest Videos
    https://www.msn.com
    Your customizable and curated collection of the best in trusted news plus coverage of sports, entertainment, money, weather, travel, health and lifestyle, combined with Outlook/Hotmail, Facebook, Twitter, Bing, Skype and more.

    https://www.amazon.com

    HSBC Group corporate website | HSBC Holdings plc
    https://www.hsbc.com
    HSBC, one of the largest banking and financial services institutions in the world, serves millions of customers through its three Global Businesses.

    NASA
    https://www.nasa.gov
    NASA.gov brings you the latest news, images and videos from America's space agency, pioneering the future in space exploration, scientific discovery and aeronautics research.

    Facebook - log in or sign up
    https://www.facebook.com
    Log into Facebook to start sharing and connecting with your friends, family, and people you know.


    If, SHA1 is risky and broken then why still using SHA1 certificate?

    Leave a comment:

  • jsw12
    replied
    Originally posted by gregordinary View Post
    Just checked the following sites and they all have SHA-1 certs:
    https://www.microsoft.com/en-us/default.aspx
    https://www.bankofamerica.com/
    https://www.yahoo.com/
    https://www.google.com/ (Expires November 24, 2014)

    SHA1 still makes up the overwhelming majority of SSL Certificates out there. Most CA's didn't start issuing SHA-2 certificates until earlier this year. I suspect some companies will be hesitant to jump to SHA2 since there are some compatibility issues especially with legacy systems like Windows Server 2003.
    Socked!!! Socked!!! Socked!!!

    I tested some other website on sha ssl checker tool - sha2sslchecker.com

    Most popular websites still using sha1WithRSAEncryption

    www.taobao.com
    www.msn.com
    www.amazon.com
    www.hsbc.com
    www.nasa.gov
    www.facebook.com

    If, SHA1 is risky and broken then why still using SHA1 certificate?

    Leave a comment:

  • jsw12
    replied
    Originally posted by My8th View Post
    Do any common sites still use SHA-1?
    https://www.sha2sslchecker.com/index.php/facebook.com (sha1WithRSAEncryption)

    Other popular websites those are using sha1WithRSAEncryption...

    NASA
    https://www.nasa.gov
    NASA.gov brings you the latest news, images and videos from America's space agency, pioneering the future in space exploration, scientific discovery and aeronautics research.

    HSBC Group corporate website | HSBC Holdings plc
    https://www.hsbc.com
    HSBC, one of the largest banking and financial services institutions in the world, serves millions of customers through its three Global Businesses.

    https://www.amazon.com

    taobao | 淘寶
    https://www.taobao.com
    淘寶(Taobao)讓您隨心淘超值商品,爲您提供流行服飾、美妝洗護、3C數碼、大小家電、家俬家居、箱包皮具、運動戶外、五金工具、玩具等千萬件熱銷好貨,淘寶支持文字或圖片搜索商品。天貓淘寶海外作爲Taobao面向華人的跨境電商平台,覆蓋200多個國家和地區的消費者,其中核心站點包括:淘寶香港(taobao hk)、淘寶台灣(taobao tw)、淘寶澳門、淘宝新加坡、淘宝马来西亚、淘宝韩国(타오바오 사이트)、淘宝澳洲、淘宝加拿大、taobao world。


    Most websites still using SHA1 from this list - http://en.wikipedia.org/wiki/List_of...pular_websites

    Leave a comment:

  • Delgarde
    replied
    Originally posted by opensource View Post
    No, I mean git uses sha1 internally (AFAIK).
    Yes, that's why I said that. SHA-1 hashing isn't considered good enough for crypto these days, because finding collisions has become relatively computationally cheap, and the ability to deliberately find collisions for hashed passwords is a problem. But that doesn't matter for git, because it's not using SHA-1 for crypto (or for security in general)... it's just using it to generate a kind of identifier from the contents of a commit.

    Leave a comment:

  • halfmanhalfamazing
    replied
    Originally posted by pqwoerituytrueiwoq View Post
    *goes to confirm*
    yep it does
    *falls on the floor*

    I was only kidding! LOLOL But I guess considering that the site was recently hacked, that just goes into the pot as one of the reasons.

    Really, I guess I should be laughing because with government controlled healthcare, the joke is on us.

    Leave a comment:

  • opensource
    replied
    Originally posted by kusma View Post
    Git SHA-1 usage isn't really a security-feature, it's just a hash that's very unlikely (virtually impossible) to produce accidental collisions.
    I guess so too.

    Leave a comment:

  • kusma
    replied
    Originally posted by opensource View Post
    No, I mean git uses sha1 internally (AFAIK).
    Git SHA-1 usage isn't really a security-feature, it's just a hash that's very unlikely (virtually impossible) to produce accidental collisions.

    Leave a comment:

  • pqwoerituytrueiwoq
    replied
    Originally posted by halfmanhalfamazing View Post
    Originally posted by My8th View Post
    Do any common sites still use SHA-1?
    Healthcare.gov
    *goes to confirm*
    yep it does, however "This change is about SHA-1-signed certificates that don't expire until after 1 January 2017"
    The Healthcare.gov one expires now +1 year and 4 days, which would be in September of 2015

    Leave a comment:

Previous 1 2 3 template Next
Working...
X