To: knarf; Jim Robinson; John Robinson; Sidebar Moderator
Follow-up with more information - yes, SHA1 *has* been broken.
http://www.theverge.com/2017/2/23/14712118/google-sha1-collision-broken-web-encryption-shattered
“As a result, most sites have already dropped SHA-1. As recently as 2014 it was being used for as much as 90 percent of the encryption on the web, but it’s been mostly abandoned in the years since. As of January 1st, every major browser will show you a big red warning when you visit a site secured by SHA-1. It’s hard to say how many of those sites are left, but anyone with a halfway decent certificate provider is already safe.”
9 posted on
03/03/2017 3:04:47 AM PST by
Spktyr
(Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)
To: knarf; Jim Robinson; John Robinson; Sidebar Moderator
I would also point out that failing to fix this will get FR automatically reported to Google, Mozilla and other browser makers as a malicious site, which could mean that FR would eventually be placed on a site block list. Many people configure their browsers to report issues like this automatically to help the overall security of the web:
12 posted on
03/03/2017 3:21:18 AM PST by
Spktyr
(Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson