Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Microsoft Drops SHA-1 Support in Browsers

November 29, 2016

It is now official. Microsoft will stop supporting SHA-1 in Internet Explorer 11 and the Edge browser on February 14, 2017. How fitting that the death of SHA-1 will be on Valentine's Day. After that date, users will be shown an invalid certificate warning and have to take extra steps to reach the site if they so choose. SHA-1 is known to have weaknesses and exposes users to spoofing and man-in-the-middle attacks, which is why Google Chrome and Firefox will also drop support at the end of January. It's a good thing that the browsers will no longer support SHA-1, but the root problem is with websites themselves. Estimates are that 35% of websites still use SHA-1 certificates. Until website operators upgrade the SHA-1 certificates, we'll be getting a ton of warning boxes.

E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
http://www.senseient.com