Più
Microsoft is cancelling weak roots

Microsoft is cancelling weak roots

08-10-2012 12:37:00

A weak roots are defined as a keys long less than 1024-bits. No connections with these short encryption keys are dedicated to increase the protection of users and also moving from the Internet old and unsafe tools to a stronger encryption length.

Microsoft has been informing about changes for several months and has been promoting upgrades to minimum 2048-bits root certificates. From tomorrow (9 October 2012) weak root keys will be cancelled as an unsafe connections.

These certificates uses keys with 516-bits lengths e.g., but today the norm is 2048-bits length and it is possible to find a security with 4096-bits encryption level.

All key lengths less than 1024-bytes were designed many years ago and don't provide protection against attacks popular in the Internet nowadays. No changes for stronger encryption may meet no connection with the website (poorly protected sites may be disconnected by the browser) or no digital signs for e-mail on Outlooks.

Rejecting weak security levels shouldn't affect many sites and Internet users because all SSL certificates are issued by Certificates Authorities for specified number of years and after this time it is necessary to renew SSL certificate with obligatory valid security level.

Tomorrow's upgrade continues the plan of rejecting all weak root keys. This August Microsoft cancelled all connections with websites, applications, platforms and files which worked with old keys long less than 1024-bits issued before 1st January 2010. Microsoft is planning to cancel all 1024-bits in the end of next year.

More: InfoSecurity Magazine

Messaggi recenti

Google AdWords requires an SSL certificate?
03-07-2017 11:56:53

If you run a online business, you are sure to use Google AdWords. Perhaps this is one of the main traffic sources on your site, so the last message you want to see is "Your account has been suspended ...". And yet, you can expect it if your site is not SSL-secured.

Google AdWords requires an SSL certificate?
Comodo and DomenySSL are deprecating SGC
06-07-2016 13:23:42

Starting 1st of August 2016, Comodo and DomenySSL will no longer offer SGC variants of certificates. As your account has a valid SGC certificate which will be up for renewal in the future, the company has prepared a list of recommended alternatives.

Comodo and DomenySSL are deprecating SGC
Thawte pampers clients
04-07-2016 12:22:58

Thawte is only one of the few vendors outside of the United States. As the main competitor of American vendors quickly gained a 40 % share of the market SSL certificates.
 

Thawte pampers clients
altri post