Thread: Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program

  1. #1

    Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program

    All,

    Okay, here is the story. Microsoft has published a security advisory on
    "Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate
    Program". The new policy takes effect after January 1, 2016 and requires
    CAs to migrate to the stronger SHA-2 hashing algorithm.

    In summary, Windows will cease accepting SHA-1 certificates on January 1,
    2017. To continue to work with Microsoft platforms, all SHA-1 SSL
    certificates issued before or after this announcement must be replaced with
    a SHA-256 (SHA-2) equivalent by January 1, 2017. Organizations need to
    develop a migration plan for any SHA-1 end-entity SSL certificates that
    expire after January 1, 2017 and SHA-1 code signing certificates that expire
    after January 1, 2016. SHA-1 code signing certificates that are time stamped
    before 1 January 2016 will be accepted until such time as Microsoft
    decides SHA-1 is vulnerable to a pre-image attack. Microsoft will give new
    consideration to the SHA deprecation deadlines in July 2015.

    1. Customers should "renew" with SHA-2 end-entity and intermediate
    certificates.

    2. Microsoft will cease trusting Code Signing Certificates using SHA-1 on
    January 1, 2016.

    Most applications, servers and browsers now support SHA-2; however, some
    older operating systems, such as Windows XP prior to Service Pack 3, and some
    mobile devices do not.

    For example:
    http://support.microsoft.com/kb/2763674

    Before the SHA-1 algorithm is formally deprecated by Microsoft, it is
    important to ensure your organization and those relying on your
    infrastructure are benefiting from SHA-2 support by installing the latest
    version of the application or browser and applying all known security
    updates to your operating system.

    Comodo will support only SHA-2 on all 3 year code signing certificates.
    They will also confirm policies at this time regarding 2 year SHA-1 code
    signing certificates.

    http://www.comodo.com/e-commerce/SHA-2-transition.php

    More information on SetupBuilder 8.x with built-in support for SHA-2 to
    follow soon.

    Friedrich

    --
    Friedrich Linder
    Lindersoft
    www.lindersoft.com
    +1.954.252.3910

    --Helping You Build Better Installations
    --SetupBuilder "point. click. ship"
    --Create Windows 8 ready installations in minutes
    --Official COMODO Code Signing and SSL Certificate Partner
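
A starting point for the migration inventory the post calls for, as an added example that is not part of the original post and is not Lindersoft or Microsoft code: it lists SHA-1-signed certificates in the local Windows certificate stores whose expiry falls after the deadlines quoted above. The function name `Get-Sha1MigrationCandidate` is hypothetical and the default store paths are an assumption; point `-StorePath` at whichever stores hold your SSL and code signing certificates.

```powershell
# Signature algorithm OIDs that use SHA-1.
$Sha1SignatureOids = @(
    '1.2.840.113549.1.1.5',  # sha1WithRSAEncryption
    '1.3.14.3.2.29',         # SHA-1 with RSA (older OIW identifier)
    '1.2.840.10045.4.1',     # ecdsa-with-SHA1
    '1.2.840.10040.4.3'      # dsa-with-sha1
)

# Deadlines as stated in the post, keyed by enhanced key usage (EKU) OID.
$Deadlines = @{
    '1.3.6.1.5.5.7.3.1' = @{ Use = 'SSL server auth'; ExpiresAfter = [datetime]'2017-01-01' }
    '1.3.6.1.5.5.7.3.3' = @{ Use = 'Code signing';    ExpiresAfter = [datetime]'2016-01-01' }
}

# Hypothetical helper name; the default store paths are an assumption.
function Get-Sha1MigrationCandidate {
    param(
        [string[]]$StorePath = @('Cert:\LocalMachine\My', 'Cert:\CurrentUser\My')
    )
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

    Get-ChildItem -Path $StorePath -ErrorAction SilentlyContinue |
        Where-Object { $Sha1SignatureOids -contains $_.SignatureAlgorithm.Value } |
        ForEach-Object {
            $cert = $_
            # Certificates without an EKU extension are not classified here.
            $eku = $cert.Extensions | Where-Object { $_ -is $ekuType }
            foreach ($usage in $eku.EnhancedKeyUsages) {
                $rule = $Deadlines[$usage.Value]
                if ($rule -and $cert.NotAfter -gt $rule.ExpiresAfter) {
                    [pscustomobject]@{
                        Use        = $rule.Use
                        Subject    = $cert.Subject
                        Algorithm  = $cert.SignatureAlgorithm.FriendlyName
                        NotAfter   = $cert.NotAfter
                        Thumbprint = $cert.Thumbprint
                    }
                }
            }
        }
}

Get-Sha1MigrationCandidate | Sort-Object NotAfter | Format-Table -AutoSize
```

The script checks only the certificate's own signature algorithm; the intermediate certificates in each chain, which the post also says to renew with SHA-2, need the same check in the stores where they are installed.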