A Very Popular Hashing Function Sha1 Is No Longer Safe to Use
SHA-1 or ‘Secure Hash Algorithm 1’ is a cryptographic hash function that has been used by certificate authorities to sign SSL certificates. The CA/B Forum has announced the deprecation of the SHA-1 algorithm in favor of the newer and more secure SHA-2 hashing algorithms.
What is the Vulnerability Risk of SHA-1 Certificates?
Most of the most popular Web browser companies have declared that they will not recognize SSL certificates signed using SHA-1 after Jan. 1, 2017. According to researchers, if a malicious attacker applies enough computer power, it is theoretically possible to exploit SHA-1 certificates. This doesn’t mean that websites that are protected by SHA-1 SSL certificates are suddenly unprotected, but it certainly is a wake-up call to strengthen SSL certificates by issuing them using the SHA-2 algorithms.
SSL Certificate Authorities and vendors recommend that all customers who are still protected by SHA-1 certificates reissue their certificates using the SHA-2 hashing algorithm to avoid web browser security warnings and to ensure to visitors their site is not blocked or become concerned about browser security warnings related to SHA-1 certificates.
Action Required to Decrease The SHA-1 Vulnerability Risk: SHA-1 certificates will not be recognized starting in 2016, a change that requires the customer’s attention and action. SSLRenewals advice is to reissue or replace the SHA-1 Certificate with SHA-2 certificates as soon as possible.
Issue or reissue your SHA-2 updated SSL Certificate from the following resources:
CA/Browser Forum notice about SHA-1
For Symantec certificates click on this link – INFO2848
For GeoTrust certificates click on this link –INFO2851
For Thawte certificates click on this link –INFO2849
Renew your SSL certificate now and recover up to 78% of the total cost
Check if your SSL certificate still deploys SHA-1 function, if yes, then it’s time to renew it for better security features.
Related Post: