The algorithm known as SHA-1 will no longer be supported by web browsing programs during 2016 and will be replaced by SHA-2. In other words, after 31 December most of the encrypted web will be cut off from the most vulnerable populations of internet users who need encryption the most. However, the replacing algorithm will not be compatible with older web browsers. Statistics gathered by Facebook suggests that 3-7% of all web browsers are so old that they cannot use SHA-2. SHA-1 is used in a lot of security measures as a guarantee of identity and to conceal what people do online. But the cost of mounting an attack has fallen sharply recently so it has become much more straightforward for attackers to impersonate websites and spy on data. Security firm Cloudflare has also issued warnings about the retirement of SHA-1 and drawn up a list of the nations where older browsers that cannot work with the new version are most prominent. Facebook and security firm Cloudflare have called for changes to the way that web browsers handle SHA-1 once it is retired. The proposal would mean SHA-1 would still be used for those using a browser that cannot use the updated algorithm. Modern browsers that are updated to their most recent version will support SHA-2.
The information provided herein is on "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street