Microsoft will stop releasing updates via SHA-1 code signing


Microsoft is phasing out the use of Secure Hash Algorithm 1 (SHA-1) code signing to deliver Windows OS updates. Customers running legacy OS versions will be required to have SHA-2 code-signing support installed on their devices by July 2019. Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2008 SP2, and some older versions of Windows Server Update Services all use SHA-1 signing and should be updated by July.

For now, Microsoft will use both the SHA-1 and SHA-2 hash algorithms to authenticate its updates and prevent man-in-the-middle tampering, because newer systems support only SHA-2 and older ones only SHA-1. SHA-2 upgrades will roll out to the affected products beginning March 12. After July, Microsoft will sign Windows updates exclusively with the more secure SHA-2 algorithm, due to weaknesses in the SHA-1 algorithm and to align with industry standards.


NIST-developed SHA-1 remains a widely used part of code signing, but its effectiveness has declined as more attacks that break it have emerged. Microsoft has cited the existence of known collision attacks against SHA-1 as the main reason for advising against its use. A collision occurs when an attacker is able to generate a certificate with the same hash, and therefore the same signature, as the original certificate.

Microsoft has been actively deprecating SHA-1 and older algorithms like RC4 since 2013. In 2014, Microsoft made SHA-2 available for Windows 7 and Windows Server 2008 R2, bringing those older versions of Windows in line with Windows 8 and Windows Server 2012 and 2012 R2. Microsoft began steering developers away from SHA-1 in 2016, when it announced that SHA-1 would no longer be allowed for code signing and certificates. In 2017, it discontinued support in its Internet Explorer and Edge browsers.

Others, including Facebook, Google and Mozilla, are doing the same. These changes are part of a broader shift in how browsers and web sites encrypt traffic to protect the contents of online communications. In 2015, Facebook announced that apps that don't support SHA-2 would no longer connect to its network. In a security blog post in 2016, Google announced that Chrome 56 would no longer support SHA-1. Mozilla also announced in 2016 its intention to phase out support for SHA-1.