Announcement

Collapse
No announcement yet.

Google Works To Sunset SHA-1 In Chrome

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • phoronix
    started a topic Google Works To Sunset SHA-1 In Chrome

    Google Works To Sunset SHA-1 In Chrome

    Phoronix: Google Works To Sunset SHA-1 In Chrome

    Google will begin warning users when accessing HTTPS sites whose certificate chains are using SHA-1, due to this cryptographic hash algorithm being weak...

    http://www.phoronix.com/vr.php?view=MTc4MTk

  • curaga
    replied
    The sky is falling! The NSA has enough power to forge SHA-1 certs, so all these sites must buy new certs!!1 Oh wait, most of them are American companies, and the NSA has your data anyway.

    Leave a comment:


  • nanonyme
    replied
    Because said organizations think certs cost more than your privacy is worth

    Leave a comment:


  • jsw12
    replied
    Originally posted by gregordinary View Post
    Just checked the following sites and they all have SHA-1 certs:
    https://www.microsoft.com/en-us/default.aspx
    https://www.bankofamerica.com
    https://www.yahoo.com
    https://www.google.com (Expires November 24, 2014)

    SHA1 still makes up the overwhelming majority of SSL Certificates out there. Most CA's didn't start issuing SHA-2 certificates until earlier this year. I suspect some companies will be hesitant to jump to SHA2 since there are some compatibility issues especially with legacy systems like Windows Server 2003.

    socked!!! socked!!! socked!!!

    I tested some other website on sha ssl checker tool - www.sha2sslchecker.com

    Most popular websites still using sha1WithRSAEncryption

    www.taobao.com
    www.msn.com
    www.amazon.com
    www.hsbc.com
    www.nasa.gov
    www.facebook.com

    If, SHA1 is risky and broken then why still using SHA1 certificate?

    Leave a comment:


  • jsw12
    replied
    Originally posted by gregordinary View Post
    Just checked the following sites and they all have SHA-1 certs:
    https://www.microsoft.com/en-us/default.aspx
    https://www.bankofamerica.com/
    https://www.yahoo.com/
    https://www.google.com/ (Expires November 24, 2014)

    SHA1 still makes up the overwhelming majority of SSL Certificates out there. Most CA's didn't start issuing SHA-2 certificates until earlier this year. I suspect some companies will be hesitant to jump to SHA2 since there are some compatibility issues especially with legacy systems like Windows Server 2003.
    Socked!!! Socked!!! Socked!!!

    I tested some other website on sha ssl checker tool - sha2sslchecker.com

    Most popular websites still using sha1WithRSAEncryption

    www.taobao.com
    www.msn.com
    www.amazon.com
    www.hsbc.com
    www.nasa.gov
    www.facebook.com

    If, SHA1 is risky and broken then why still using SHA1 certificate?

    Leave a comment:


  • jsw12
    replied
    Originally posted by My8th View Post
    Do any common sites still use SHA-1?
    https://www.sha2sslchecker.com/index.php/facebook.com (sha1WithRSAEncryption)

    Other popular websites those are using sha1WithRSAEncryption...

    www.nasa.gov
    www.hsbc.com
    www.amazon.com
    www.taobao.com

    Most websites still using SHA1 from this list - http://en.wikipedia.org/wiki/List_of...pular_websites

    Leave a comment:


  • Delgarde
    replied
    Originally posted by opensource View Post
    No, I mean git uses sha1 internally (AFAIK).
    Yes, that's why I said that. SHA-1 hashing isn't considered good enough for crypto these days, because finding collisions has become relatively computationally cheap, and the ability to deliberately find collisions for hashed passwords is a problem. But that doesn't matter for git, because it's not using SHA-1 for crypto (or for security in general)... it's just using it to generate a kind of identifier from the contents of a commit.

    Leave a comment:


  • halfmanhalfamazing
    replied
    Originally posted by pqwoerituytrueiwoq View Post
    *goes to confirm*
    yep it does
    *falls on the floor*

    I was only kidding! LOLOL But I guess considering that the site was recently hacked, that just goes into the pot as one of the reasons.

    Really, I guess I should be laughing because with government controlled healthcare, the joke is on us.

    Leave a comment:


  • opensource
    replied
    Originally posted by kusma View Post
    Git SHA-1 usage isn't really a security-feature, it's just a hash that's very unlikely (virtually impossible) to produce accidental collisions.
    I guess so too.

    Leave a comment:


  • kusma
    replied
    Originally posted by opensource View Post
    No, I mean git uses sha1 internally (AFAIK).
    Git SHA-1 usage isn't really a security-feature, it's just a hash that's very unlikely (virtually impossible) to produce accidental collisions.

    Leave a comment:

Working...
X