SHA-1 is still a commonly used hashing algorithm for internal network encryption, despite the fact that it has long been deprecated for external use by all major browser makers. And there’s a good reason for the browser makers’ actions: SHA-1 has been demonstrated to be pretty weak over the past few years. The standard was first published in 1995, and cryptographic algorithms are seldom strong after 24 years.
“While browsers have not trusted publicly issued TLS certificates using SHA-1 since 2017, they have still supported SHA-1 certificates issued by private CAs inside of enterprises. This was possible since previously SHA-1 deprecation only applied to certificates issued from a root Certification Authority included in the operating system default trust store. Unfortunately, it’s very common for organizations to use private CAs to issue SHA-1 certificates—public distrust of SHA-1 certificates was always just the tip of the iceberg.”
from DZone.com Feed http://bit.ly/2KBCVn9