In 2016, tens of millions of people around the world will face trouble accessing some of the most common encrypted websites like Facebook, Google and Gmail, Twitter, and Microsoft sites.
Why? Because their browser or device will be unable to read the new, more secure certificates.
SHA1, the cryptographic hashing algorithm that's been at the heart of the web's security for a decade, will be retired in a little over a year. Some say it could be cracked by the end of the year, essentially making it useless and weakening security for millions of users.
Certificate authorities said they will respond by no longer issuing SHA1 certificates at midnight, January 1 2016, opting instead for SHA2 certificates. SHA2 is a significantly stronger algorithm that will last for many years to come. But there's a problem. A small but sizable portion of the internet's users don't have browsers or devices that are compatible with SHA2.As sites move to SHA2 encryption, millions face HTTPS lock-out | ZDNetThere's no way to tell exactly how many will be affected until it happens, in part because there are no concrete figures on how many people are running old or unsupported browsers or devices.
I'm not sure what all the tears about.
Keeping hardware and browsers and other programs to some degree of updated state is and always has been the computing world. Lots of hardware and software gets to old to use. The industry is not going to stop improving just because some can't afford the improvements, or don't want to upgrade.
OK, what are the odds that IE, Edge, FF, Chrome, etc. won't update to the new standard by New Years?
That's not the question, browser support has been here for years, but the risk is that users don't upgrade to those versions in time, and those still using very old browsers will be unable to load such sites.
The article seems to be over-pessimistic. Since software that does NOT support SHA2 is very old, reality dictates that most people won't notice anything at all.
Anyone remembers Y2K?
Most people don't even notice that SHA2 is ALREADY in use, and almost everyone didn't realized that they were using the upgraded algorithm. If "news" like this article won't have been published, possibly the web would transition entirely to it and no one would ever notice anything.
As a quick example, if you look at the certificate that Google presents:
Note the highlighted row, clearly saying that the signature algorithm is SHA256. Everyone using Google, YouTube, GMail, GDrive and all those associated servicees already "migrated". Many other sites already have done too, just look at their certificates.
When Y2K happened I just went out drinking. I didn't want to see the world come to a end with a clear head.
Quote
