Obsessed with technology?
Subscribe to the latest tech news as well as exciting promotions from us and our partners!
By subscribing, you indicate that you have read & understood the SPH's Privacy Policy and PDPA Statement.
News
News Categories

Google Chrome will stop supporting poorly secured sites soon

By Liu Hongzuo - on 21 Dec 2015, 2:02pm

Google Chrome will stop supporting poorly secured sites soon

This error message pops up on HTTPS sites that are not properly secured. The new version 48 of Google Chrome web browser will see even more of these errors if websites continue using SHA-1 encryption for security.

Starting from early 2016, Google’s Chrome browser will stop support for websites that uses SHA-1 SSL certificates. The tech giant claims that their decision has to do with SHA-1 certificates’ inherent weaknesses, and they are moving on to support stronger SHA-2 SSL certificate for websites. The change will be implemented when Google Chrome is updated to Chrome version 48, which should be live by early 2016. Chrome version 48 is currently available as a beta. The announcement was made over Google’s online security blog.

SHA-1 (Secure Hash Algorithm) is an encryption-based security measure that uses cryptographic hash functions to encrypt sensitive information that a user would likely use when visiting websites in general. Currently, the weakness lies in how two different messages can result in having the same encrypt value after SHA-1 is applied (called hash collision).

Google is currently researching on its vulnerability here, but results and examples so far have been clear at showing how SHA-1 information is susceptible to tampering with minimal computing resources. The move to SHA-2 is favored by Google because its encryption is varied and longer in nature, resulting in a significantly stronger encryption.

All sites that use SSL certificates are affected by Google’s new security measures, since SSL certificates uses the SHA encryption methods to protect digital signatures. The new security measures are not meant to severely cripple websites by having the web browser mark them as unsafe, but to encourage site owners to use a more robust SHA-encrypted certificate as SHA-1 is slowly phased out of use by 2017. Microsoft Edge and Mozilla Firefox are stopping SHA-1 support by 1 January 2017, but Google Chrome has decided to jump the gun, stopping SHA-1 support on their browser as early as 1 July 2016.

Loading...