Microsoft reprieves SHA-1 deprecation in Edge 85 security baseline

Microsoft has published a new security baseline for Microsoft Edge and one of the new rules is titled “Allow certificates signed using SHA-1 when issued by local trust anchors.” Which may surprise some readers seeing as the United States National Institute of Standards and Technology deprecated SHA-1 in 2011 and Microsoft banished it from its Internet Explorer and Edge browsers in 2017. Both did so because the hashing algorithm was susceptible to collision attacks that allowed replicas to be created, a flaw that Google proved in early 2017.

Read full article on The Register

 


Date:

Categorie(s):

Tag(s):