Today's Hard|Forum Post
Today's Hard|Forum Post

Saturday October 24, 2015

As Sites Move To SHA2 Encryption, Millions Face HTTPS Lock-Out

SHA1 certificates will no longer be issued next year due to its weakening algorithm, but trouble looms for those with browsers or devices that are incompatible with SHA2.

SHA1, the cryptographic hashing algorithm that's been at the heart of the web's security for a decade, will be retired in a little over a year. Some say it could be cracked by the end of the year, essentially making it useless and weakening security for millions of users. Certificate authorities said they will respond by no longer issuing SHA1 certificates at midnight, January 1 2016, opting instead for SHA2 certificates. SHA2 is a significantly stronger algorithm that will last for many years to come. But there's a problem. A small but sizable portion of the internet's users don't have browsers or devices that are compatible with SHA2.