SHA-1
Latest
Google helps put aging SHA-1 encryption out to pasture
The decades-old SHA-1 encryption used to protect websites is already dying, but a discovery from Google and security researcher CWI Amsterdam could be the killing blow. For the first time, they've found a way to generate a "collision" and create the same critical hash function multiple times. The discovery will make it 100,000 times easier for attackers to slip malicious files into websites or servers than by a brute force attack. That new should help end its use, increasing security around the internet.
Chrome will soon stop supporting weak SHA-1 certificates
Google hasn't had confidence in SHA-1's -- the algorithm used for encryption by most SSL certificates, which add the "s" to https:// -- ability to keep your info safe for a long time. Now, the company is determined to stop supporting it and has revealed when it plans to do so. According to Google's Online Security blog, Chrome version 48 (currently in beta) will show a message that says "Your connection is not private" starting early next year whenever it detects an SHA-1-based certificate issued on or after January 1st, 2016.
