Google\u00a9 has always taken strong actions when it comes to users’ data protection on the Internet. This time, for the sake of Internet security, they have planned to stop trusting the SHA-1 algorithm<\/strong><\/a>, which might be susceptible to several cyber-attacks due to inability to keep up with the latest techniques used by the hackers. Google\u00a9 has been putting in the best efforts to build secure measures for its users.<\/p>\n So it looks like it is finally about time to say good bye to the SHA-1 signature algorithm due to this major modification from Google. So, let\u2019s take a quick look at these changes and how the users need to manage website security based on these developments.<\/p>\n SHA stands for \u201cSecure Hash Algorithm\u201d and the version SHA-1 works on the single hash function, which is known to be vulnerable<\/strong><\/a> according to many web security experts.<\/li>\n SHA-2 is the latest version in SHA Algorithm history, and it is the next generation SHA-2 signature algorithm, which includes multiple hash functions to protect user\u2019s data while exchanging them on the Internet.<\/li>\n The vulnerabilities of SHA-1 are very well known and have been demonstrated many times over. In a practical live environment, it is still safe to use the SHA-1 signature algorithm. However, as per critics and SSL experts<\/strong><\/a>, SHA-1 will create security vulnerabilities in near future on the Internet. For that reason, best practices do not recommend SHA-1.<\/li>\n If your certificate is based on SHA-1 algorithm, it is very easy to get it exchanged for a SHA-2 certificate. All you need to do is re-issue your SSL certificate by choosing the algorithm as SHA-2.<\/li>\n There are plenty of SSL certificate vendors on the Internet but it gets very difficult to find out exactly which CA has migrated all its SSL certificates and Code Signing Certificates to SHA-2 signature algorithm. We have carried out a little research on this and found that Symantec™, GeoTrust\u00ae, Thawte™, and RapidSSL™ offer Low Price SSL certificates<\/strong><\/a> with SHA-2 algorithm and technical support by the team of experts.<\/li>\n \tSHA-1 signature algorithm<\/strong><\/a> works on a single 128-bit hash function, whereas SHA-2 signature algorithm works on multiple hash functions. Here is how the upcoming versions of the Google Chrome browser shall react to a SHA-1 SSL certificate.<\/li>\n<\/ul>\n Websites secured by SHA-1 certificates that expire in 2017 or later, on this version will be treated as ‘Secure, but with minor errors’. A small yellow triangle on the padlock will be displayed on the URL as shown below:<\/p>\n Websites with SHA-1 SSL certificates expiring between June 1 2016 to December 31 2016 will trigger the ‘Secure, but with minor errors’ warning as mentioned above.<\/p>\n And the websites secured with SHA-1 SSL certificates expiring on or after January 1 2017, will be treated as ‘neutral, lacking security’. In this, the padlock will be replaced by a blank page icon, as shown in the image below:<\/p>\n All the websites relying on SHA-1 SSL certificates expiring between January 1 2016 to December 31 2016 will trigger the ‘Secure, but with minor errors’, as described above.<\/p>\n And all SHA-1 SSL certificates expiring on or after January 1 2017 will be treated as ‘affirmatively insecure’. In this, a red cross and red strike-through is displayed on the URL, as shown in the image below:<\/p>\n\n
\n\tSHA-2 signature algorithm<\/strong><\/a> is stronger than SHA-1 because it has multiple hash function such as SHA-224, SHA-256, SHA-384, SHA-512, SHA-512\/224, SHA-512\/256 and out of them SHA-256 bit is widely established and more demanded hash function algorithm. The suffix numbers indicate bit length. So SHA-2\u2019s full set of functions are higher bit-length than SHA-1 and therefore are more secure.<\/li>\n\n
![\"chrome](\"https:\/\/www.rapidsslonline.com\/blog\/wp-content\/uploads\/2014\/10\/chrome-version-39.png\")
<\/a><\/li>\n![\"chrome](\"https:\/\/www.rapidsslonline.com\/blog\/wp-content\/uploads\/2014\/10\/chrome-version-40.png\")
<\/a><\/li>\n
![\"chrome](\"https:\/\/www.rapidsslonline.com\/blog\/wp-content\/uploads\/2014\/10\/chrome-version-41.png\")
<\/a><\/li>\n<\/ul>\n![\"SSL](\"https:\/\/www.rapidsslonline.com\/blog\/wp-content\/uploads\/2014\/10\/SSL-certificate-pad-lock.png\")
<\/td>\n![\"chrome](\"https:\/\/www.rapidsslonline.com\/blog\/wp-content\/uploads\/2014\/10\/chrome-version-39-error.png\")
<\/td>\n![\"chrome](\"https:\/\/www.rapidsslonline.com\/blog\/wp-content\/uploads\/2014\/10\/chrome-version-40-error.png\")
<\/td>\n![\"chrome](\"https:\/\/www.rapidsslonline.com\/blog\/wp-content\/uploads\/2014\/10\/chrome-version-41-error.png\")
<\/td>\n