Originally posted by Delgarde
View Post
Announcement
Collapse
No announcement yet.
Google Works To Sunset SHA-1 In Chrome
Collapse
X
-
I don't know much about crypto algorithms, but from what I gather SHA1 is weak and unsuitable for signing. Should I be worried then? This, for instance, is Google's gmail: "Signature algorithm SHA1withRSA" https://www.ssllabs.com/ssltest/anal...74.125.239.117
Leave a comment:
-
Originally posted by RahulSundaram View PostNo because https which is insecure lures users with a false sense of insecurity
Leave a comment:
-
From Wikipedia:
Best public cryptanalysis
A 2011 attack by Marc Stevens can produce hash collisions with a complexity of 2^61 operations.[1] No actual collisions have yet been produced.
EDIT: After all, SHA-1 was developed by NSA (note, this does not mean that there's a backdoor here, NSA also cares for security of US systems).
Leave a comment:
-
Originally posted by My8th View PostDo any common sites still use SHA-1?
Leave a comment:
-
Originally posted by My8th View PostDo any common sites still use SHA-1?
https://www.microsoft.com/en-us/default.aspx
https://www.bankofamerica.com/
https://www.yahoo.com/
https://www.google.com/ (Expires November 24, 2014)
SHA1 still makes up the overwhelming majority of SSL Certificates out there. Most CA's didn't start issuing SHA-2 certificates until earlier this year. I suspect some companies will be hesitant to jump to SHA2 since there are some compatibility issues especially with legacy systems like Windows Server 2003.
Leave a comment:
Leave a comment: