SHA2: 2016, tens of millions of people around the world will experience serious connectivity problems on some of the most popular and encrypted websites like Facebook, Google Gmail, Twitter and various Microsoft sites.
Why; Because your browser or device will not be able to read the new, more secure certificates.
The SHA1 encryption algorithm, which is already at its core better safetyof the web for a decade, will be completely retired, with reports claiming it could be "broken" by the end of the year, effectively rendering millions of users useless and vulnerable to security.
[Pullquote]"We are ready to leave a whole piece of the internet in the past"[/ pullquote]Certification Authorities, on the other hand, said they would immediately respond by stopping issuing SHA1 certificates from 1 2016 midnight on 2 by choosing instead SHAXNUMX certificates instead.
The SHA2 algorithm is much stronger and will last for many years in the future. But there is a problem.
A fairly large number of Internet users do not have browsers or devices that are compatible with the SHA2 algorithm.
"We're ready to let go of the whole internet in the past," Cloudflare CEO Matthew Prince said in an interview in New York earlier this month.
Encryption is important not only to protect electronic banking, email accounts, and social networks. The green URL bar or padlock in your browser verifies the integrity of a website and offers a strong level of assurance that the page has not been modified in any way.
So most websites today adopt encryption because it costs a little to nothing to implement it.
At the time of violation, mass data leakage, and mass surveillance, adopting a powerful algorithm like SHA2 is a very important and necessary move. But travel makers and website owners generally thought they had more time.
Extensive security researchers have reported that SHA1 will last up to 2018, but their current reports state that the SHA1 algorithm can be broken up by the end of 2015.
The good news is that most websites already use powerful SHA2 certificates. However, about 24% of webpages using SSL encryption continue to use the SHA1 algorithm. This means about 1 million web pages.
This number decreases every month, so by the end of the year the percentage could have reached 10 percent of all websites, meaning that the vast majority of encrypted websites will be safe from SHA1 breach attacks.
For the most people, there will be no problem. The majority are already using the latest version of Chrome or Firefox on the latter functional system, or the newest smartphone with the latest software, which are compatible with both the old SHA1 algorithm and the newer SHA2.
But what about those using older devices?
There are still no specific data on how many people are running old or unsupported browsers or devices.
Ivan Ristic, head of SSL Labs at Qualys, told ZDNet that users of Windows XP SP2 , και οι χρήστες με κινητά Android 2.2 and earlier will not be supported by SHA2 certificates.
"Due to the change to SHA2, it is likely that users with older browsers will start experiencing increased frequency issues throughout 2016."
said Ristic.
The Mozilla Foundation has discovered this in a cruel way last year.
Last year, the browser manufacturer renewed the encryption of its page with a new SSL certificate using the SHA2 algorithm. So those who run a browser or an operating system that does not support SHA2 could not access the new site and of course they could not download the browser.
The upgrade "killed a million downloads," said Mozilla's Chris More.
So from the beginning of 2016 that stops issuing new certificates with the SHA1 algorithm, web site owners and application developers will have a whole year to upgrade to SHA2.
