SSL Security Update
November 11th, 2014 by admin
For Humans
The current standard for encryption is weak, exploitable and in the future will show an error when loading your site! If you have an SSL certificate with us we're proactively updating it so you won't run into any problems.
For Super Techno Geeky Cyborgs
Houston, we have a problem. The SHA-1 cryptographic hash function was initially published in 1995, that's the year Tom Hanks uttered those unforgettable words in Apollo 13. Way too old for a technology that we're trusting with all our most sensitive cyber data. In as early as 2005 analysts begun stating that the technology was not secure and should be updated. Cloud based services such as Amazon's EC2 allow users to rent servers for relatively low cost to carry out large scale collision attacks allowing attackers to forge the cryptographic signatures provided by the algorithm.
Because of this Google has announced that they will immediately begin gradually reducing support for the outdated algorithm by showing error messages in the Chrome browser until users will eventually be faced with a red strikethrough error:
Upgrading certificates to the much more secure SHA-2 is a quick and painless process that we will handle for you. You will be running the latest level of encryption and will not need to worry.
More resources
- Why Google is Hurrying the Web to Kill SHA-1
- SHA-1, Wikipedia
- SHA1 crypto algorithm underpinning Internet security could fall by 2018
- Gradually sunsetting SHA-1
If you don't currently have SSL encryption on your site we can set it up for you at no additional cost as long as you are a current Atomic Marketing customer. If you are not on our Atomic Marketing program we can still set it up for you for a nominal monthly fee.
Posted in: announcement