http://ajaxian.com/archives/md5-hash-collision Cleaning up the web with Ajax Thu, 17 May 2012 07:43:39 +0000 hourly 1 http://wordpress.org/?v=3.3.2 http://ajaxian.com/archives/md5-hash-collision/comment-page-1#comment-270182 shadedecho Wed, 31 Dec 2008 18:21:25 +0000 http://ajaxian.com/?p=5535#comment-270182 The article also makes the important point that SHA-1 (while not YET proven to be broken) should be similarly distrusted and phased out, in favor of SHA-2 (or something equivalent or better). . Everyone should check out their own certificates' encryption algorithm (easily explained how near the end of that article) and make sure you are comfortable with the level of protection it provides based on the premise of the paper (ie, not MD5, and preferably not even SHA-1). . GoDaddy is who I use, and my two certificates are both SHA-1. I've sent them a request asking them to consider upgrading to SHA-2 and re-issuing my certificates. . I hope others will pay similar attention and make requests to their providers as they feel necessary. This is quite necessary (especially for those of MD5). The article also makes the important point that SHA-1 (while not YET proven to be broken) should be similarly distrusted and phased out, in favor of SHA-2 (or something equivalent or better).
.
Everyone should check out their own certificates’ encryption algorithm (easily explained how near the end of that article) and make sure you are comfortable with the level of protection it provides based on the premise of the paper (ie, not MD5, and preferably not even SHA-1).
.
GoDaddy is who I use, and my two certificates are both SHA-1. I’ve sent them a request asking them to consider upgrading to SHA-2 and re-issuing my certificates.
.
I hope others will pay similar attention and make requests to their providers as they feel necessary. This is quite necessary (especially for those of MD5).

]]> http://ajaxian.com/archives/md5-hash-collision/comment-page-1#comment-270180 ilazarte Wed, 31 Dec 2008 16:51:32 +0000 http://ajaxian.com/?p=5535#comment-270180 Maybe this is why Pownce never supported SSL, it's all broken anyways! Maybe this is why Pownce never supported SSL, it’s all broken anyways!

]]>