Vulnerability Risk in Using a SHA-1 Certificate


A Very Popular Hashing Function, SHA-1, Is No Longer Safe to Use

SHA-1, or ‘Secure Hash Algorithm 1’, is a cryptographic hash function that has been used by certificate authorities to sign SSL certificates. The CA/B Forum has announced the deprecation of the SHA-1 algorithm in favor of the newer and more secure SHA-2 hashing algorithms.

What is the Vulnerability Risk of SHA-1 Certificates?

Most of the popular web browser vendors have declared that they will not recognize SSL certificates signed using SHA-1 after Jan. 1, 2017. According to researchers, if a malicious attacker applies enough computing power, it is theoretically possible to exploit SHA-1 certificates. This doesn’t mean that websites protected by SHA-1 SSL certificates are suddenly unprotected, but it is certainly a wake-up call to strengthen SSL certificates by issuing them using the SHA-2 algorithms.

SSL Certificate Authorities and vendors recommend that all customers who are still protected by SHA-1 certificates reissue their certificates using the SHA-2 hashing algorithm, to avoid web browser security warnings and to ensure that visitors do not find the site blocked or become concerned about browser security warnings related to SHA-1 certificates.

Action Required to Decrease the SHA-1 Vulnerability Risk: SHA-1 certificates will not be recognized starting in 2016, a change that requires the customer’s attention and action. SSLRenewals’ advice is to reissue or replace SHA-1 certificates with SHA-2 certificates as soon as possible.
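To find which certificates need reissuing, the added example below (not part of the original article or of any CA's tooling) reads the signatureAlgorithm OID from a PEM or DER certificate and flags SHA-1 signatures. The function names are illustrative, and `constructed_cert` builds a certificate-shaped DER skeleton as sample input rather than a real certificate.

```python
import base64

SIG_ALGS = {  # signatureAlgorithm OID -> (name, signed with SHA-1?)
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", True),
    "1.2.840.10045.4.1": ("ecdsa-with-SHA1", True),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", False),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", False),
}

def pem_to_der(pem: str) -> bytes:
    # Drop the BEGIN/END marker tokens (they contain '-'); join the base64 body.
    return base64.b64decode("".join(t for t in pem.split() if "-" not in t))

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def decode_oid(data: bytes) -> str:
    arcs, val = [data[0] // 40, data[0] % 40], 0  # first byte = 40*a + b (a is 0 or 1)
    for b in data[1:]:
        val = (val << 7) | (b & 0x7F)  # base-128 digits, high bit means "more follows"
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signature_algorithm_oid(der: bytes) -> str:
    _, cert_start, _ = read_tlv(der, 0)  # Certificate ::= SEQUENCE {
    _, _, tbs_end = read_tlv(der, cert_start)  #   tbsCertificate (skipped),
    _, alg_start, _ = read_tlv(der, tbs_end)  #   signatureAlgorithm, signatureValue }
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("expected an OBJECT IDENTIFIER in signatureAlgorithm")
    return decode_oid(der[oid_start:oid_end])

def audit(der: bytes) -> dict:
    oid = signature_algorithm_oid(der)
    name, sha1 = SIG_ALGS.get(oid, ("unknown", None))
    return {"oid": oid, "algorithm": name, "reissue_with_sha2": sha1}

def constructed_cert(last_arc: int) -> bytes:
    """Constructed sample, not a real certificate: DER skeleton with an RSA signature OID."""
    oid = bytes.fromhex("06092a864886f70d0101") + bytes([last_arc])  # 1.2.840.113549.1.1.<n>
    alg = b"\x30" + bytes([len(oid) + 2]) + oid + b"\x05\x00"
    body = b"\x30\x81\x80" + bytes(128) + alg + b"\x03\x02\x00\x00"  # dummy tbs, alg, dummy sig
    return b"\x30\x81" + bytes([len(body)]) + body
```

For a real certificate file, pass `pem_to_der(open(path).read())` to `audit`, and check each intermediate certificate in the chain as well as the site certificate.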

Issue or reissue your SHA-2 updated SSL Certificate from the following resources:

CA/Browser Forum notice about SHA-1
For Symantec certificates click on this link – INFO2848
For GeoTrust certificates click on this link – INFO2851
For Thawte certificates click on this link – INFO2849
