Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: knarf

The warning that Chrome has is with the certificate type the FR is using. Certificates are used for many different reasons in computing, but in this case, the certificate provides “proof” of the identity of the system, as well as encryption of the data (2 different but related functions.)

FR is still using a SHA-1 certificate, while the “current” certificate type is SHA-2. It has to do with the length of the key, as well as the encryption algorithms used. In simplest terms, these define the “strength” of security, or theoretically how difficult it is to “break” the security.

Normally, it is just theoretical; however, just over a week ago, the first “SHA-1 Collision” was demonstrated. Certificates can be used to prove that a document has not been tampered with, using a checksum. But just recently, two different files were demonstrated to have the same checksum using SHA-1 certificates.

Using a SHA-1 secured web site does NOT necessarily put your financial data in jeopardy, but it does go against “best practices.” Microsoft has repeatedly pushed back the dates over the years that they would no longer support SHA-1 certificates. Google (with Chrome) no longer supports it, and throws the warning.

Some systems are a breeze to upgrade, others require a complete re-write of the system, and I’m guessing that since FR isn’t using SHA-2, they’re in the latter camp. I’m sure that JimRob and his crew are working hard to upgrade the system.

Again, this warning DOES NOT MEAN your information is necessarily vulnerable! It just means that it’s not currently at “best practices” level.

Here’s a description of the topic, if you’re interested.

https://www.lifewire.com/what-is-sha-1-2626011

Mark


22 posted on 03/03/2017 5:11:43 AM PST by MarkL (Do I really look like a guy with a plan?)
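
A way to check which hash a certificate's signature uses, the property the Chrome warning in the post above is about. This is an added example, not part of the original thread: the SIG_ALGS table is a small hand-picked subset, and both sample byte strings are constructed DER skeletons, not real certificates.

```python
# Added example: report the signature algorithm OID of a DER-encoded X.509 certificate.
SIG_ALGS = {  # OID -> (name, hash has published collisions); subset, not a full registry
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", True),
    "1.2.840.10045.4.1": ("ecdsa-with-SHA1", True),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", False),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", False),
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OID content bytes (base-128 arcs) into dotted form."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    if not arcs:
        raise ValueError("empty OID")
    first = min(arcs[0] // 40, 2)  # first two arcs share one encoded value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def signature_algorithm(cert_der):
    """Return (oid, name, weak) from Certificate.signatureAlgorithm."""
    tag, cert, _ = read_tlv(cert_der, 0)      # Certificate ::= SEQUENCE
    _, _, pos = read_tlv(cert, 0)             # skip tbsCertificate
    alg_tag, alg, _ = read_tlv(cert, pos)     # AlgorithmIdentifier ::= SEQUENCE
    oid_tag, oid, _ = read_tlv(alg, 0)        # algorithm OBJECT IDENTIFIER
    if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("not an X.509 certificate structure")
    dotted = decode_oid(oid)
    return (dotted,) + SIG_ALGS.get(dotted, ("unknown", False))

# Constructed samples: empty tbsCertificate, AlgorithmIdentifier, dummy 1-byte signature.
SAMPLE_SHA1 = bytes.fromhex("3015" "3000" "300d06092a864886f70d0101050500" "030200aa")
SAMPLE_SHA256 = bytes.fromhex("3015" "3000" "300d06092a864886f70d01010b0500" "030200aa")
```

For a real certificate in PEM form, convert it first with `ssl.PEM_cert_to_DER_cert()` from the standard library and pass the result to `signature_algorithm()`.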


To: MarkL

Microsoft is now belatedly saying that they’re going to fix their SHA support issue next Patch Tuesday.

Also, the demonstrated vulnerability in SHA1 isn’t just a matter of document security but it also allows “man in the middle” type attacks. Given how many liberal techies over on DU hate us...


40 posted on 03/03/2017 10:51:40 AM PST by Spktyr (Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)
FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson