[Cryptography] sunsetting SHA-1 in Chrome
Albert Lunde
atlunde at panix.com
Thu Sep 18 12:55:29 EDT 2014
On 9/7/2014 3:16 AM, Alexander Klimov wrote:
> <http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html>
>
> Chrome will start the process of sunsetting SHA-1 (as used in
> certificate signatures for HTTPS) with Chrome 39 in November. HTTPS
> sites whose certificate chains use SHA-1 and are valid past 1 January
> 2017 will no longer appear to be fully trustworthy in Chrome’s user
> interface.
How do the Chrome and Microsoft deprecations of SHA1 view the use of
SHA1 in TLS cipher suites?
As I understand it SHA1 is being used in a HMAC in TLS, which is
somewhat stronger than SHA1 alone in a certficate. There's some reason
to suspect both, but it's a different case.
Alternatives to SHA1 in TLS doesn't seem to show up until TLS 1.2.
--
Albert Lunde albert-lunde at northwestern.edu
atlunde at panix.com (address for personal mail)
More information about the cryptography
mailing list