• IP addresses are NOT logged in this forum so there's no point asking. Please note that this forum is full of homophobes, racists, lunatics, schizophrenics & absolute nut jobs with a smattering of geniuses, Chinese chauvinists, Moderate Muslims and last but not least a couple of "know-it-alls" constantly sprouting their dubious wisdom. If you believe that content generated by unsavory characters might cause you offense PLEASE LEAVE NOW! Sammyboy Admin and Staff are not responsible for your hurt feelings should you choose to read any of the content here.

    The OTHER forum is HERE so please stop asking.

Facebook security warning over expiring algorithm

Concorde

Concorde

Alfrescian
Loyal

Facebook security warning over expiring algorithm

11 December 2015
Technology

_87159067_029976787-1.jpg


Web browsing for millions will get much less secure unless action is taken, warns Facebook

Web browsing will get much riskier for millions of people when a key security algorithm stops being used, warns Facebook.

The algorithm, known as SHA-1, will stop being supported by web browsing programs during 2016.

Its replacement - SHA-2 - will not be compatible with older web browsers.

Facebook said many of those exposed when SHA-1 is retired live in regions where web use is closely watched.

"We don't think it's right to cut tens of millions of people off from the benefits of the encrypted internet," wrote Alex Stamos, Facebook's chief security officer in a blogpost.

Two-tier web

Statistics gathered by Facebook suggest that 3-7% of all web browsers are so old that they cannot use SHA-2.

SHA-1 is used in a lot of security measures as a guarantee of identity and to conceal what people do online. But the cost of mounting an attack has fallen sharply recently so it has become much more straightforward for attackers to impersonate websites and spy on data.

Security firm Cloudflare has also issued warnings about the retirement of SHA-1 and drawn up a list of the nations where older browsers that cannot work with the new version are most prominent.

"Unfortunately, this list largely overlaps with lists of the poorest, most repressive, and most war-torn countries in the world," said Matthew Prince, co-founder of Cloudflare in a blogpost.

"In other words, after 31 December most of the encrypted web will be cut off from the most vulnerable populations of internet users who need encryption the most," he said.

Both Facebook and Cloudflare have called for changes to the way that web browsers handle SHA-1 once it is retired. The proposal would mean SHA-1 would still be used for those using a browser that cannot use the updated algorithm.

Modern browsers that are updated to their most recent version will support SHA-2.

Both firms have called on the body that draws up browser security standards, known as the CA/Browser Forum, to support its proposal to operate a two-tier system. The CA/Browser Forum has yet to respond.


 
You must log in or register to reply here.

Similar threads

gsbslut
Inside Vietnam's Click Farms
Replies
1
Views
467
Pinkieslut
P
duluxe
PA Security Forces involvement in terror
Replies
0
Views
307
duluxe
duluxe
SBFNews
15 Jobs That Will Be as Extinct as Dinosaurs in the 2030s
2 3
Replies
41
Views
3K
k1976
k1976
duluxe
Malaysia is Looking into the National Security Threat of TikTok, Possibility of Banning It
Replies
0
Views
1K
duluxe
duluxe
gsbslut
Huge data leak dubbed the 'Mother of all Breaches' sees 26 BILLION records leaked from sites including Twitter, Linkedin, and Dropbox - here's how to
Replies
2
Views
653
eatshitndie
eatshitndie
Top