By John Leyden, 10 Sep 2014
Google will penalize the search rankings of websites that use SHA-1 SSL certificates – and that's a huge policy change which ought to kick businesses into action, says an expert in digital certificates.
Only 15 per cent of sites use SHA-256 certificates, the replacement for SHA-1, according to stats from SSL Pulse. This means plenty of work needs to be done before Google's policy changes comes into effect in 2016, according to Ivan Ristic, director of engineering at cloud security firm Qualys.
Although the first signs of weaknesses in SHA-1 appeared almost ten years ago, it was only in 2012 that breaking SHA-1 became feasible, at least for those with deep pockets prepared to throw specialist hardware at the problem. In November 2013, Microsoft announced it wouldn't be accepting SHA-1 certificates after 2016. Google followed suit last week by saying its search engine will soon start penalizing sites that use SHA-1 certificates that expire during 2016 and after.
Ristic has put together a blog post explaining how businesses
The Register/ full article here/ http://www.theregister.co.uk/2014/09/10/google_sha_1_2016/
2016: Robo-butlers, flying cars, and Google's internet Terminators hunting SHA-1 SSL certs
Userlevel 7
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.