Register for Semperis' Hybrid Identity Protection (HIP) Conference - June 30 - July 1 Register for Semperis' Hybrid Identity Protection (HIP) Conference - June 30 - July 1
Windows 10

Next Windows 10 Update Will Bring the End of Recognizing SHA-1 As Secure

Edge hero

Microsoft has announced that with the Anniversary update with Windows 10, the company will no longer recognize that SHA-1 is secure in Edge and Internet Explorer. In February of 2017, the company will also block SHA-1 signed TLS certificates in an effort to protect end users from websites that appear to be secure but can be easily compromised.

SHA stands for Secure Hash Algorithm, and the hash function is no longer secure and can be easily cracked. Because Edge and IE still show these sites as secure, it can provide a false sense of security when browsing web pages using this type of algorithm to secure data, as it can be compromised for as little as $2.10.

After the Anniversary update is released, if you navigate to a page using SHA-1, you will still be able to browse the site, but the URL bar will not show the lock icon indicating that it is not secure. In addition to Windows 10, for Internet Explorer 11 on Windows 7 and 8.1, these browsers will show the website as insecure as well.

It is worth noting, for those using Internet Explorer 11, this will only impact certificates that chain to a CA in the Microsoft Trusted Root Certificate program.

If you are an admin and your website is currently using SHA-1, it is important that you update your security certificates as soon as possible to make sure that your site is protected, so that it will not throw an insecure flag after Microsoft releases the update.

You can read more about SHA-1 deprecation on Microsoft’s official blog post detailing the announcement.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

Brad Sams has more than a decade of writing and publishing experience under his belt including helping to establish new and seasoned publications From breaking news about upcoming Microsoft products to telling the story of how a billion dollar brand was birthed in his book, Beneath a Surface, Brad is a well-rounded journalist who has established himself as a trusted name in the industry.

Register for the Hybrid Identity Protection (HIP) Europe Conference!

Hybrid Identity Protection (HIP) Europe 2021 - Virtual Conference

Mobile workforces, cloud applications, and digitalization are changing every aspect of the modern enterprise. And with radical transformation come new business risks. Hybrid Identity Protection (HIP) is the premier educational forum for identity-centric practitioners. At the inaugural HIP Europe, join your local IAM experts and Microsoft MVPs to learn all the latest from the Hybrid Identity world.