“Thanks to Google,” web sites around the world are updating their SSL certificates to use a newer “hashing” algorithm called “SHA256”. Indeed, all new SSL certificates that LuxSci obtains for its customers will use SHA256, going forward (unless you don’t want that).
Read on to discover why this change is happening, what it means, why everyone is upset with Google for forcing the issue, and what your options are.
What’s the problem?
SHA1 is a method for making digital signatures and is used in the SSL certificates by most sites on the web. There is currently no security issue with SHA1 and computer power is not expected to be sufficient to “crack” SHA1 until sometime in the 2020s. In fact, Microsoft has stated, and the Internet community has agreed back in 2013, that it should be phased out by 2017 … well before the danger zone and giving folks plenty of time to transition.
Read the rest of this post »