Google considering following Mozilla and Microsoft footsteps and dropping support for insecure SHA-1 certificates earlier than expected
Internet surfers may take that little green or gold lock in the corner of their Web browser for granted. But starting Jan. 1, it might go away for a small percentage of people across the globe, and millions of users could lose access to websites because of it.
It's all to do with the "SHA-1 Sunset," a phrase used by technology insiders to describe the expiration of support for a certain level of encryption. Over the next year, the algorithms older than SHA-1 level of encryption will no longer meet the trusted level of security for many websites, leaving as many as 37 million people unable to access them, according to research from Internet performance and security company CloudFlare.
It's a routine update to a Web feature called the certificate signature hashing algorithm. But the change, decided by a consortium of vendors of Internet browser software, could disproportionately affect mobile devices in the developing world.
As a result, some of the world's most vulnerable population will be left with only the selection of websites they can view without the needed safety protocols.
Google has now come out and said it too is planning to join Microsoft and Mozilla and end Chrome support for the flawed encryption.
In a blog post, Google said that starting in early 2016 with Chrome version 48, Chrome will display a certificate error if it encounters a site with a leaf certificate that is signed with a SHA-1-based signature, is issued on or after 1 January 2016 and chains to a public CA.
Windows XP SP2 and earlier, and Android 2.2 and earlier support only SHA-1 certificate & do not support modern SHA2 certificates.
Millions to lose secure Internet access on Jan. 1
Internet surfers may take that little green or gold lock in the corner of their Web browser for granted. But starting Jan. 1, it might go away for a small percentage of people across the globe, and millions of users could lose access to websites because of it.
It's all to do with the "SHA-1 Sunset," a phrase used by technology insiders to describe the expiration of support for a certain level of encryption. Over the next year, the algorithms older than SHA-1 level of encryption will no longer meet the trusted level of security for many websites, leaving as many as 37 million people unable to access them, according to research from Internet performance and security company CloudFlare.
It's a routine update to a Web feature called the certificate signature hashing algorithm. But the change, decided by a consortium of vendors of Internet browser software, could disproportionately affect mobile devices in the developing world.
As a result, some of the world's most vulnerable population will be left with only the selection of websites they can view without the needed safety protocols.
Google has now come out and said it too is planning to join Microsoft and Mozilla and end Chrome support for the flawed encryption.
In a blog post, Google said that starting in early 2016 with Chrome version 48, Chrome will display a certificate error if it encounters a site with a leaf certificate that is signed with a SHA-1-based signature, is issued on or after 1 January 2016 and chains to a public CA.
Windows XP SP2 and earlier, and Android 2.2 and earlier support only SHA-1 certificate & do not support modern SHA2 certificates.
Millions to lose secure Internet access on Jan. 1
