SHA-1’s days are numbered

First published by NIST in 1995 – two decades ago – SHA-1 has been supplanted by SHA-2 and then SHA-3, and federal agencies were required to upgrade way back in 2010. Microsoft, Google and Mozilla all announced that their web browsers would stop accepting SHA-1 certificates by 2017. This month, Google announced a timeline for its deprecation of SHA-1, beginning with Chrome v. 48 in early January. That browser will throw an error message for web sites that are signed with a SHA-1 certificate issued after January 1, and SHA-1 will be blocked completely in Chrome sometime between July 1, 2016 and January 1, 2017.

Microsoft has announced that it will start blocking SHA-1 certificates even earlier, next June. And Mozilla is considering doing the same on July 1.



About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top