Microsoft wants to drop the outdated SHA-1 algorithm sooner

Microsoft plans to block the SHA-1 hashing algorithm from June 2016. The outdated algorithm has become vulnerable to increasingly simple attacks over time. With this block, Microsoft is following in the footsteps of Mozilla and Google.

Microsoft reports this on its blog. Initially, the use of SHA-1 was to be blocked from January 1, 2017. The reason for bringing the deadline forward is that the security of the hashing algorithm is increasingly being compromised. Microsoft refers to the freestart collision attack, which was carried out in October.

Security expert Bruce Schneier had reservations about the 1995 algorithm in 2005, but at the time conducting an attack was not yet economically interesting. However, it is getting cheaper and cheaper to carry out an attack. SHA-1 is used, among other things, for signing SSL/TLS certificates. Forging a single certificate by means of a collision can have serious consequences: the collision creates a certificate with the same hash value as a legitimate certificate.

In its schedule, Microsoft indicates that from January 1, 2016, certificate authorities may only issue certificates that are signed with the newer SHA-2. After the June 2016 deadline, Windows will only trust certificates signed with SHA-2.