In 2005, it was discovered that the secure hash algorithm SHA-1 wasn't as strong as it was initially thought to be, according to Google Online Security Blog. In the years since, there has been a gradual move away from SHA-1.
The need for this upgrade was further validated recently by security blogger Bruce Schneier, who reported on a cryptanalysis of SHA-1 which found that it isn't collision-free. The experiment was carried out by Chinese cryptographers who, as Schneier explained, "developed an algorithm for finding collisions faster than brute force."
Schneier said the Chinese researchers' findings necessitated a broad move toward replacing SHA.
"Collision attacks against SHA-1 are too affordable for us to consider it safe for the public web PKI," Google stated in a Sept. 5 blog post.
Thus, the end of SHA-1 has arrived — and it's two years early, at that. But fortunately, the path to SHA-2 doesn't have to be fraught with complexity for you and your business.
By understanding the various deadlines and how they apply to you, you can make your enterprise's migration to SHA-2 streamlined and cost-effective. Here's how the security icons on your site's domain will be impacted by the transition, depending on which version of Chrome you're using or will use:
Whether you're a general store that barely uses computers or a tech company that's firmly entrenched in the cybersphere, it's vital that you make the effort to be proactive and phase out SHA-1 for the more secure SHA-2. After all, it only takes a single attack to derail an enterprise's sense of security — and attackers are everywhere.
Not surprisingly, the store type most likely to be impacted by this issue are e-commerce retailers, particularly since the shopping season will mark an inevitable rise in online purchases. As shoppers crowd their favorite online retailers making holiday purchases, it's important that those businesses have the tools in place to defend the security of their patrons.
Here are a few key action points for the migration to SHA-2: