

Hoping to avert “collision” with disaster, Microsoft retires SHA1 - lisper
http://arstechnica.com/security/2013/11/hoping-to-avert-collision-with-disaster-microsoft-retires-sha1/

======
jlgaddis
It's about time. Here's what NIST said in 2006:

 _"NIST encourages a rapid adoption of the SHA-2 hash functions for digital
signatures, and, in any event, Federal agencies must stop relying on digital
signatures that are generated using SHA-1 by the end of 2010."_

------
chris_wot
Internet Explorer is the first browser to implement SSL/TLS 1.2? What about
Firefox and Chrome - anyone know their status?

~~~
nezza-_-
I think they mean that they're the first to retire the cipher suites, not the
first who implemented TLS 1.2.

Quote from here:
[http://en.wikipedia.org/wiki/Transport_Layer_Security#Dealin...](http://en.wikipedia.org/wiki/Transport_Layer_Security#Dealing_with_RC4_and_BEAST)

    
    
      Chrome 30 and Opera 17 support TLS 1.1 and 1.2 enabled by default. Firefox 25 and 24
      ESR, and Internet Explorer 6-10 have support for TLS 1.1 and 1.2 but disabled by default
      (Firefox 28 Nightly and IE 11 supports TLS 1.1 and 1.2 enabled by default).
      Safari 6 for Mac OS X 10.8 and 10.7, and Safari 5 for Windows and support only
      TLS 1.0 (Safari for iOS, and Safari 7 for Mac OS X 10.9 support TLS 1.1 and 1.2
      enabled by default).

~~~
yuhong
I just made a correction to the part on Internet Explorer on Wikipedia.

------
LammyL
It is nice and all that Microsoft is pushing TLS 1.2 and AES-GCM, but they
still don't have support in schannel (used by IIS and IE??) for
ECDHE_RSA_AES_GCM cipher suites.

~~~
yuhong
Or any AES-GCM RSA cipher suites for that matter. I complained to Marsh Ray of
MS about this.

~~~
marshray
Your request has not been forgotten :-)

But it might be really helpful if you were to explain a specific customer
scenario where the security would be meaningfully increased by adding support
for this particular cipher suite. I might be able to come up with something,
but it would mean more coming from a customer.

------
rakoo

      Microsoft officials went on to recommend that customers 
      stop using SHA1 now and begin using certificates based on 
      SHA2, which is much more resistant to collision attacks.
    

If SHA1 is broken at the algorithm level, one must _not_ use SHA2, which is
just a bigger SHA1.

~~~
beagle3
"Just bigger" can buy 10-20 more years. The details do matter.

------
rbanffy
Are any other major OSs using SHA1?

~~~
beagle3
git does, pervasively.

------
beagle3
git uses sha1 for ... everything. git's cryptographic guarantees are based on
signing sha1 commit ids. Perhaps it's time to move on?

------
JetSpiegel
... after seeking approval from the NSA.

