Security Advisory 2880823: Recommendation to discontinue use of SHA-1

ronjor · Nov 12, 2013

swiat

Microsoft is recommending that customers and CA’s stop using SHA-1 for cryptographic applications, including use in SSL/TLS and code signing. Microsoft Security Advisory 2880823 has been released along with the policy announcement that Microsoft will stop recognizing the validity of SHA-1 based certificates after 2016.
Click to expand...

http://blogs.technet.com/b/srd/arch...discontinue-use-of-sha-1.aspx?Redirected=true

Microsoft Security Advisory (2880823)

EncryptedBytes · Nov 14, 2013

I find this interesting as we've had issues implementing newer forms of TLS 1.1 and 1.2 on windows platforms. Hopefully their support will improve now that they are mandating this…

Dermot7 · Nov 18, 2013

Last week I reported on how Microsoft will stop supporting SSL certificates that use the SHA-1 hash algorithm in 2016, and require SHA-2 from that point. 2016 being over two years away, this constitutes a call to action to the entire Internet, as well as cover for other infrastructure vendors to start advancing similar requirements.

It didn't take me long to realize that Microsoft itself wasn't using SHA-2 all that much. I asked how far they were along in the migration and got this statement from a Microsoft spokesperson:
Click to expand...

2014 to be an eventful year for SSL

Log in or Sign up

Security Advisory 2880823: Recommendation to discontinue use of SHA-1

ronjor Global Moderator

EncryptedBytes Registered Member

Dermot7 Registered Member

Log in or Sign up

Security Advisory 2880823: Recommendation to discontinue use of SHA-1

ronjor Global Moderator

EncryptedBytes Registered Member

Dermot7 Registered Member

Useful Searches