SHA-1 stands for Secure Hash Algorithm, it is in it’s essence a set of mathematical equations that you can apply towards data to encrypt information and keep it hidden. The SHA family of encryption algorithms was created by the NSA.

In 2005 SHA-1 was shown to have been compromised mathematically. A mathematical compromise is different than say a bruteforce attack, in that with the knowledge you used to crack the algorithm can be used to crack other data. Since then, the compromise has been refined allowing the crackers to break encryption faster.

Many browser developers such as Google and Microsoft have initiatives to phase out support for the SHA-1 algorithm by 2017. Google has gone further with a tiered approach. Starting this november we will begin to see warnings on websites that will notify users that the encryption the site is using is insecure.The great thing about this is that it’s forcing everyone to take a second look.

Technologies like this often take a backseat to public exposure. The understanding of this technology isn’t readily accessible to your average internet user. With that, the people you would assume are the experts, hosting providers or SSL merchants, are often unaware or unconcerned by this compromise.

Even after all of this time the SHA-1 algorithm still stands as the most popularly used algorithm to secure websites. As each year passes the compromise becomes more of a threat. This problem is fairly serious due to the fact that anyone who shops online, uses social media, or uses email is potentially at risk for having their personal information exposed.

SHA-2 on the other hand is a newer algorithm. Sharing only a similar name this algorithm has been significantly updated and provides a more complex level of encryption that is to date, un-compromised.

-Mike McGuire, FIREANT Director of Technology

 Read Google’s Blog about sunsetting SHA-1

About Fireant

FIREANT is an interactive marketing studio, excelling at web design and development, and assisting clients with their website campaigns and mobile solutions. With a strong and thoughtful attention to detail and mission for creating better interactive experiences, we strive to create smarter solutions from complex problems. Don’t hesitate to reach out and see how we can secure your website and protect your users.
Follow us on Twitter for inspiration and industry news.
Follow us on LinkedIn for discovering value and business solutions in interactive marketing.
Follow us on Facebook to stay up-to-date with the Denver office.