All SSL certificates delivered by InterSSL have been SHA-2 based by default since November 2014. Multiple browser vendors have already been showing warnings for websites that were still using old SHA-1 based certificates after SHA-1 had been replaced.

Today, 10 years after SHA-1 was first introduced, Google is announcing the first practical technique for generating a collision. The required computation power is still incredibly high; nevertheless, it is further proof that it was about time to replace SHA-1 with the SHA-2 signature algorithm for SSL certificates.

  • Nine quintillion (9,223,372,036,854,775,808) SHA-1 computations in total
  • 6,500 years of CPU computation to complete the first phase of the attack
  • 110 years of GPU computation to complete the second phase

Starting from version 56, released in January 2017, Chrome will consider any website protected with a SHA-1 certificate as insecure. Firefox has deprecated SHA-1 as of February 24th, 2017.

If you are still using old SHA-1 certificates, please re-issue your certificate for free in order to get a new SHA-2 based one. If you have any questions, please don't hesitate to contact us!

Full Google Security Blog article: https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

 


Monday, February 27, 2017
