SHA-1 till SHA-2

SHA-1 till SHA-2...

Som (alla) vet är hashalgoritmen SHA-1 påväg att ersättas av SHA-2. Just nu sätter webbläsartillverkarna blåslampa på alla sajtägare att byta ut sina SHA-1 baserade servercertifikat för att skynda på det hela.

Blåslampa är det även på de som signerar kod eftersom kodsigneringscertifikaten redan nu bör vara SHA-2 baserade. Det har vi på SecMaker förstås rättat oss efter.

I November 2015 skriver Microsoft »

In a previous update on TechNet, we announced that Windows will block SHA-1 signed TLS certificates starting on January 1, 2017. In light of recent advances in attacks on the SHA-1 algorithm, we are now considering an accelerated timeline to deprecate SHA-1 signed TLS certificates as early as June 2016. Mozilla recently announced a similar intent on the Mozilla Security Blog. We will continue to coordinate with other browser vendors to evaluate the impact of this timeline based on telemetry and current projections for feasibility of SHA-1 collisions.

I slutet av april 2016 skriver Microsoft »

In November, we shared a SHA-1 Deprecation Update with some early details on our schedule for blocking SHA-1 signed TLS certificates. Today we would like to share some more details to share on how this will be rolled out. Starting with the Windows 10 Anniversary Update, Microsoft Edge and Internet Explorer will no longer consider websites protected with a SHA-1 certificate as secure and will remove the address bar lock icon for these sites. These sites will continue to work, but will not be considered secure. This change will be in upcoming Windows Insider Preview builds soon, and will be deployed broadly this summer. In February 2017, both Microsoft Edge and Internet Explorer will block SHA-1 signed TLS certificates.

Dela denna artikel

Relaterat