VeriSign switches to new hash function to secure SSL certs

VeriSign, an SSL certification authority (CA), has announced it is switching from the vulnerable MD5 hash function to SHA-1 after the insecurity of MD5 came to light last week with a practical proof-of-concept attack.

At a hacker conference last week, a team of researchers revealed a weakness in the MD5 cryptographic hash function that could enable an attacker to create a rogue certificate and potentially impersonate any website, including those secured by the HTTPS protocol.

VeriSign -- one of six CAs reportedly still using the outdated certificates -- said it has been phasing out the MD5 hashing algorithm and is aiming to discontinue the use of MD5 altogether by the end of January, Tim Callan, vice president of product marketing at VeriSign, told SCMagazineUS.com Monday.

“VeriSign has since discontinued using MD5 when issuing RapidSSL certificates and has confirmed that all other SSL Certificates that VeriSign issues are not vulnerable to this MD5 attack,” the company said in a news release.

VeriSign said customers who have certificates in place using the MD5 hashing algorithm can replace their certificates with RapidSSL SHA-1 certificates for free; VeriSign is temporarily suspending its normal fees for replacement certificates, Callan said.

Shortly after news of the potential attack broke last week, CAs that are still using MD5 came under fire.
