[OWASP-South Africa] SHA1

Brett Russell brett.russell at owasp.org
Wed Oct 8 16:54:05 UTC 2014


Apparently they tried to switch to SHA256 and had to switch back to SHA1
because 5% of their site browsers (mozilla.org) could not get access to
download Firefox? Seems everyone is issuing SHA1 certs to expire at the end
of 2015, that's what I recommended at work as well.

On Wed, Oct 8, 2014 at 10:03 AM, Wellington Mekhoe <wmekhoe at gmail.com>
wrote:

> Have you heard Mozilla's position on this matter?
>
> If I get any news, I will share it with you and the community.
> On 07 Oct 2014 6:37 AM, "Brett Russell" <brett.russell at owasp.org> wrote:
>
>> My concern is the devices, browsers etc that don't support sha256,
>> especially when in my opinion, the move is not really necessary?
>>
>> On Saturday, October 4, 2014, Wellington Mekhoe <wmekhoe at gmail.com>
>> wrote:
>>
>>> Hi Brett
>>>
>>> I think for now most people won't care about the changes, however as
>>> chrome is being used more now for business use, companies will be forced to
>>> upgrade their certificates.
>>>
>>> Kind regards
>>> Wellington Mekhoe
>>> On 26 Sep 2014 9:14 PM, "Brett Russell" <brett.russell at owasp.org> wrote:
>>>
>>>> Hi All,
>>>>
>>>> As most of you probably know, Google plans to start "sunsetting" SHA1
>>>> support with some interesting changes to Chrome:
>>>>
>>>>
>>>> http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html
>>>>
>>>> There have been some interesting responses from the global security
>>>> community, what do you have to say about all this? Is anyone in SA actually
>>>> going to care, or upgrade their certificate to cater for this?
>>>>
>>>> Kind Regards,
>>>> Brett Russell
>>>> OWASP South Africa Chapter Leader
>>>>
>>>> _______________________________________________
>>>> OWASP-SouthAfrica mailing list
>>>> OWASP-SouthAfrica at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-southafrica
>>>>
>>>>
>>
>> --
>>
>> Kind Regards,
>> Brett Russell
>> OWASP South Africa Chapter Leader
>>
>>


-- 

Kind Regards,
Brett Russell
OWASP South Africa Chapter Leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-southafrica/attachments/20141008/3d6d3cb4/attachment.html>


More information about the OWASP-SouthAfrica mailing list