Thursday, 29 October 2015

Millions of websites face HTTPS lock-out as sites adopt SHA2 certificates.

In 2016, billions of people around the world will have trouble accessing some of the most common encrypted websites, such as Facebook, Gmail, Twitter, and Microsoft sites.

Why? Because their internet browsers or devices will not be able to make use of the new, more secure certificates.

SHA1, the cryptographic hashing algorithm that has been used in the web's security for a decade, will be retired in a little over a year. Some experts say it could be cracked by the end of the year, leaving it as weak, useless security for a billion users.

Certificate authorities said they will no longer support SHA1 certificates as of midnight, 1 January 2016, opting instead for SHA2 certificates. SHA2 is a significantly stronger algorithm that will last for many years. But there is a problem: a portion of internet users don't have a browser or device that is compatible with SHA2 certificates.

Encryption is important for protecting your online banking, email accounts, and social networks. That green lit-up icon in your browser verifies the integrity of a site, offering a strong level of assurance that the page has not been modified in any way.

More and more websites are adopting encryption because it costs very little to implement.
In an age of daily data breaches and hacks, adopting a strong SHA2 algorithm is more important than ever. But browser makers and website owners thought they had more time.

Some good news is that many popular websites are already using the strongest SHA2 certificates. 

About 25 percent of SSL-encrypted websites still use SHA1, or about 1 million websites.

That figure is decreasing every month, so much so that by the end of the year it could fall as low as 11 percent of all websites, meaning the vast majority of encrypted websites will be safe from SHA1 collision attacks.

For most people, there is nothing to worry about. The majority are already using the latest Safari, Chrome or Firefox browser, the latest operating systems, or the newest smartphone with the latest OS, which are compatible with both the old SHA1-hashed websites and the newer websites that have adopted SHA2.

But many, particularly those in developing nations, who are running older software, devices, and even the candy bar phones that have basic mobile internet, will face a brick wall, because their devices are not up to date enough to even know what SHA2 is.
