SHA-2 / SHA-1 SSL Test Tool
Check your Website for SHA-1 Migration
Check your Website for SHA-1 Migration
Recently news came from Google that the search engine giant is in a mood to phase out the SHA-1 algorithm in its upcoming chrome browser version. We know that SHA-1 is still in use in many applications, protocols. However, due to some technical weakness SHA-1 seems unreliable and insecure against potential collision attack. After the announcement of Microsoft, Google and Mozilla also join the migration movement. Below we have gathered giants’ reviews and social media reactions to this movement.
According to Google Announcement, from November 2014, Google Chrome will start to cease support to SHA-1 algorithm in upcoming chrome versions -39, 40, and 41. Even Microsoft and Mozilla Firefox have already notified about retiring the SHA1 algorithm because SHA1 is susceptible to collision attack.
On Tuesday, Nov 12, 2013, Microsoft advisory commented on retiring SHA-1 algorithm.
“Since 2005 there have been known collision attacks (where multiple inputs can produce the same output), meaning that SHA-1 no longer meets the security standards for a producing a cryptographically secure message digest,"
#infosec #ITSecurity #Google and #Microsoft close on the heels of #SHA1 on his way out, this is what you need to do: http://t.co/aPuhhfVIvP
— Javier García Bolao (@JGarciaBolao) September 25, 2014The Beginning of the End: SHA-1 Signed Certificates: http://t.co/8vijIDRKdY #SHA1 #Microsoft
— CSS Security (@cssITsecurity) January 10, 2014#Microsoft retiring the #SHA1 and RC4 crypto algorithms - start upgrading your certs! http://t.co/P5tZ1jyv5d #security
— Angus Chan (@gusmaru) November 13, 2013Google lately, but wisely took steps for SHA-1 migration and announced that “We plan to surface, in the HTTPS security indicator in Chrome, the fact that SHA-1 does not meet its design guarantee. We are taking a measured approach, gradually ratcheting down the security indicator.”
Chrome, IE will no longer support SHA-1 certs expiring after 2016-2017. Good move, but will require work to renew! https://t.co/6TIu0JNxNE
— Bruno Kerouanton (@kerouanton) September 25, 2014Google Chrome to effectively kill SHA-1 -- will make web more secure #microsoft #google… http://t.co/9pcnQTSrae
— SynergyMX.com (@synergymx) September 6, 2014Interesting: Google Chrome to start nudging users away from weak implementations of SSL #rc4 https://t.co/FQwjSIGqwO pic.twitter.com/ZCHVRCoDxs
— ashkan soltani (@ashk4n) September 9, 2014Google Chrome takes on SHA-1 for improved Internet safety http://t.co/WcGeaKZ16p
— ITProPortal (@ITProPortal) September 8, 2014Mozilla declared in announcement “We plan to add a security warning to the Web Console to remind developers that they should not be using a SHA-1 based certificate. We will display an additional, more prominent warning if the certificate will be valid after January 1, 2017, since we will reject that certificate after that date.”
Mozilla joins in on SHA-1 deprecation. Learn what changes to expect and when. http://t.co/aRcRBQHC2F pic.twitter.com/WdV6kPGF5Y
— GlobalSign (@globalsign) September 25, 2014#Mozilla plans to phase out #support of #SHA1 #hash #algorithm - via @SCMagazine http://t.co/aIkfcZtIVm
— Carlos R Torres (@CarlosTorresIT) September 25, 2014#Mozilla Latest to Part Ways With SHA-1: Mozilla announced that it will begin phasing out… http://t.co/JELI4SUE2n
— Zengo! Web Services (@zengowebservice) September 24, 2014After Google’s announcement, the following types of errors will upcoming Chrome versions produce over a specific period:
