SHA-1 Deprecation timeline accelerated

SHA-1 and SHA-2 are cryptographic hash algorithms used in the digital signatures that form the foundation certificates are built on.

Over time, cryptographic algorithms become relatively weaker as they are exposed to attacks through both the availability of increasingly powerful computers and advanced cryptanalysis.

The use of the signing algorithm SHA-1 is being deprecated in favor of the newer and more secure SHA-2 algorithm, and Microsoft has partnered with software vendors and the certificate authority industry to ensure a gradual transition from SHA-1 to SHA-2 based certificates.

Back in September 2014, Google announced their timeline for sunsetting SHA-1 support, under which Chrome will display security notices when a SHA-1 certificate is encountered.

In light of recent advances in attacks on the SHA-1 algorithm, Microsoft and partners have announced that they are considering an accelerated timeline to deprecate SHA-1 signed certificates from June 2016.

In addition, Mozilla recently announced on the Mozilla Security Blog that they are considering July 1, 2016 as their cut-off date for SHA-1 support.

For more details, please see Windows Enforcement of Authenticode Code Signing and Timestamping.
