FindMyHost

Web Hosting News

ASEOHosting Explains How SHA-1 Deprecation Impacts SEO Hosting Clients

October 06
12:08 2014

Hudson, FL – ASEOHosting, a leading provider of international SEO hosting, has released an advisory to its clients concerning the recent announcement from Google that SHA-1-based SSL certificates with expiry dates after 2016 will prompt a visual security warning in the Google Chrome browser.

There appears to be confusion among web hosting clients as to the likely impact of Google’s planned deprecation of SHA-1. To ensure that hosting clients have the information they need to make an informed decision, ASEOHosting is releasing an advisory notice.

“We believe that thousands of site owners and eCommerce merchants could be adversely affected by the early deprecation of SHA-1 in Google Chrome,” commented Daniel Page, Director of Business Development at AHosting, Inc., “While we acknowledge that SHA-1 is potentially insecure, the timing of the deprecation gives clients very little time to prepare in advance of the holiday season.”

Hosting clients who use SHA-1 signed certificates that will expire after 1 January 2017 should replace their certificates with ones that use the SHA-2 hashing algorithm: most certificate authorities will reissue certificates without cost.

Google would like sites to upgrade to SHA-2 (SHA-256) well before 2017, and plans to start showing a visual indication of potential insecurity for sites with SHA-1-signed certificates that expire after 1 June 2016. Google plans to introduce the changes in the beta version of Google Chrome in November and thereafter in the stable version. The move may impact site owners and eCommerce retailers in two ways:

Users may be given the impression that a site using SHA-1 is insecure, potentially impacting sales and user trust.

To avoid undermining user trust, site owners with SHA-1 certificates may decide to have their certificates reissued using SHA-2.

Some browsers, including older versions of Internet Explorer, do not support SHA-2, and site owners will have to make a decision about whether to support users of those browser versions.

SHA-1 is no longer considered a secure hashing algorithm. In theory, it’s possible that a malicious individual with sufficient resources could induce a certificate authority to produce a hash collision on a SHA-1 signed certificate, which would allow them to circumvent the identity validation offered by certificate authorities. In practice, a successful exploitation of the vulnerability is unlikely to be within the means of criminals until 2017 at the earliest.

About Ahosting:
AHosting is a managed web hosting provider with facilities in Orlando, FL, and Detroit, MI, owned and operated by AHosting, Inc., supplying hosting services that are truly beyond imagination. Since 2002, AHosting has established one of the web’s premier solutions for reseller web hosting, multiple IP hosting, dedicated servers, and VPS hosting. For more information, visit www.ahosting.net

Research, evaluate and learn more about shared web Hosting at FindMyHost.com.

About Author

FindMyHost Editor

FindMyHost Editor

The 'Web Hosting Blog' at FindMyHost.com was established to provide the web hosting industry with the very latest in news, technology, interviews, event information and more. About FindMyHost.com: Launched in January 2001 to protect Web Host Consumers and Web Developers from making the wrong choice when choosing a Web host. FindMyHost.com showcases a selection of web hosting companies who have undergone our Approved Host program testing and provides reviews from customers.

Related Articles

0 Comments

No Comments Yet!

There are no comments at the moment, do you want to add one?

Write a comment

Write a Comment

Special Offers:

SUBSCRIBE TO OUR MAILING LIST