Companies unveil controversial fallback plan for tens of millions of browsers.
by Dan Goodin (US) - Dec 11, 2015http://cdn.arstechnica.net/wp-content/uploads/sites/3/2015/12/blocked-640x480.jpg
Tens of millions of Internet users will be cut off from encrypted webpages in the coming months unless sites are permitted to continue using SHA1, a cryptographic hashing function that's being retired because it's increasingly vulnerable to real-world forgery attacks, Facebook and Web security company CloudFlare have warned.
Facebook said as many as seven percent of the world's browsers are unable to support the SHA256 function that serves as the new minimum requirement starting at the beginning of 2016. That translates into tens of millions of end users, and a disproportionate number of them are from developing countries still struggling to get online or protect themselves against repressive governments. CloudFlare, meanwhile, estimated that more than 37 million people won't be able to access encrypted sites that rely on certificates signed with the new algorithm.
Full Article
