As sites move to SHA2 encryption, millions face HTTPS lock-out

Discussion in 'All other topics' started by ireland, Oct 25, 2015.

Thread Status:
Not open for further replies.
  1. ireland

    ireland Active member

    Joined:
    Nov 28, 2002
    Messages:
    3,451
    Likes Received:
    15
    Trophy Points:
    68
    As sites move to SHA2 encryption, millions face HTTPS lock-out

    "We're about to leave a whole chunk of the internet in the past," as millions of people remain dependent on old, insecure, but widely-used encryption.

    In 2016, tens of millions of people around the world will face trouble accessing some of the most common encrypted websites like Facebook, Google and Gmail, Twitter, and Microsoft sites.

    Why? Because their browser or device will be unable to read the new, more secure certificates.

    SHA1, the cryptographic hashing algorithm that's been at the heart of the web's security for a decade, will be retired in a little over a year. Some say it could be cracked by the end of the year, essentially making it useless and weakening security for millions of users.

    Certificate authorities said they will respond by no longer issuing SHA1 certificates at midnight, January 1 2016, opting instead for SHA2 certificates. SHA2 is a significantly stronger algorithm that will last for many years to come. But there's a problem. A small but sizable portion of the internet's users don't have browsers or devices that are compatible with SHA2.

    "We're about to leave a whole chunk of the internet in the past," said CloudFlare chief executive Matthew Prince, during a conversation in our New York newsroom earlier this month.

    'One million websites' running risky crypto
    READ MORE

    http://www.zdnet.com/article/as-sha1-winds-down-sha2-leap-will-leave-millions-stranded/
     
Thread Status:
Not open for further replies.

Share This Page