I’ve written a few times about the pending mini-Y2K issue that is SHA-1 deprecation.
In a nutshell, all digital certificates are signed by a hashing algorithm — and SHA-1 is the signature type used by almost everyone.But SHA-1 has significant cryptographic weaknesses, which is why the crypto world has recommended for years that digital certificates use its chosen successor, SHA-2, instead. You can find great threat modeling discussions regarding the potential impact of a full SHA-1 break in this piece by Google’s Ryan Sleevi and another by Eric Mill of the GSA organization 18F.To read this article in full or to leave a comment, please click here