Please note, this is a STATIC archive of website developer.mozilla.org from 03 Nov 2016, cach3.com does not collect or store any user information, there is no "phishing" involved.

Revision 961591 of Weak Signature Algorithm

  • Revision slug: Web/Security/Weak_Signature_Algorithm
  • Revision title: Weak Signature Algorithm
  • Revision id: 961591
  • Created:
  • Creator: grozis28
  • Is current revision? No
  • Comment
Tags: 

Revision Content

Why Signature Algorithms Matter

The strength of the hash algorithm used in {{Glossary("Signature/Security", "signing")}} a {{Glossary("Digital certificate", "digital certificate")}} is a critical element of the security of the certificate. Weaknesses in hash algorithms can lead to situations in which attackers can create or obtain fraudulent certificates. As new attacks are found and improvements in available technology make attacks more feasible, the use of older algorithms is discouraged and support for them is eventually removed.

SHA-1

SHA-1 based signatures are common; as of May 2015, they comprise roughly 45% of signatures used in digital certificates. However, SHA-1 is showing its age and its continued use is discouraged. When your certificates are replaced, ensure that a stronger signature algorithm (such as SHA-256) is used.

SHA-1 certificates will no longer be treated as secure by major browser manufacturers beginning in 2017.

MD5

Support for MD5 based signatures was removed in early 2012.

Learn More

Revision Source

 
<h3 id="Why_Signature_Algorithms_Matter">Why Signature Algorithms Matter</h3>

<p>The strength of the hash algorithm used in {{Glossary("Signature/Security", "signing")}} a {{Glossary("Digital certificate", "digital certificate")}} is a critical element of the security of the certificate. Weaknesses in hash algorithms can lead to situations in which attackers can create or obtain fraudulent certificates. As new attacks are found and improvements in available technology make attacks more feasible, the use of older algorithms is discouraged and support for them is eventually removed.</p>

<h3 id="SHA-1">SHA-1</h3>

<p>SHA-1 based signatures are common; as of May 2015, they comprise roughly 45% of signatures used in digital certificates. However, SHA-1 is showing its age and its continued use is discouraged. When your certificates are replaced, ensure that a stronger signature algorithm (such as SHA-256) is used.</p>

<p>SHA-1 certificates will no longer be treated as secure by major browser manufacturers beginning in 2017.</p>

<h3 id="MD5">MD5</h3>

<p>Support for MD5 based signatures was removed in early 2012.</p>

<h3 id="Learn_More">Learn More</h3>

<ul>
 <li><a href="https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/">Mozilla Security Blog post</a> on the deprecation of SHA-1</li>
</ul>
Revert to this revision