Google Removing SHA-1 Support in Chrome 56

The home stretch for SHA-1 deprecation is in full effect with Google on Wednesday announcing its final deprecation deadlines for the Chrome browser, and a cryptographic services provider warning that there’s still a long way to go to get sites off SHA-1 certificates.

Google said it will remove its support for SHA-1 certificates in Chrome 56, which is scheduled to be released at the end of January. Mozilla and Microsoft have already announced similar deprecation cutoff dates for early next year.

Venafi, which offers enterprises a number of crypto-related services and solutions, said today that 35 percent of websites are still using SHA-1 certificates, which have been considered weak for more than a decade and susceptible to collision attacks that allow attackers to spoof websites and steal data.

Source: Threatpost