{"id":473,"date":"2015-12-23T20:58:15","date_gmt":"2015-12-23T20:58:15","guid":{"rendered":"http:\/\/www.mtin.net\/blog\/?p=473"},"modified":"2015-12-23T20:58:15","modified_gmt":"2015-12-23T20:58:15","slug":"sha-1-certificates-eol","status":"publish","type":"post","link":"http:\/\/www.mtin.net\/blog\/sha-1-certificates-eol\/","title":{"rendered":"SHA-1 Certificates EOL"},"content":{"rendered":"<p><em>The SHA-1 cryptographic hash algorithm has been known to be considerably weaker than it was designed to be<a href=\"https:\/\/www.schneier.com\/blog\/archives\/2005\/02\/cryptanalysis_o.html\">since at least 2005<\/a> \u2014 9 years ago. <a href=\"https:\/\/www.schneier.com\/blog\/archives\/2012\/10\/when_will_we_se.html\">Collision attacks against SHA-1 are too affordable<\/a> for us to consider it safe for the public web PKI. We can only expect that attacks will get cheaper.<\/em><\/p>\n<p><em>That\u2019s why Chrome will start the process of sunsetting SHA-1 (as used in certificate signatures for HTTPS) with Chrome 39 in November. HTTPS sites whose certificate chains use SHA-1 and are valid past 1 January 2017 will no longer appear to be fully trustworthy in Chrome\u2019s user interface.<\/em><\/p>\n<p>https:\/\/googleonlinesecurity.blogspot.ro\/2015\/12\/an-update-on-sha-1-certificates-in.html<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The SHA-1 cryptographic hash algorithm has been known to be considerably weaker than it was designed to besince at least 2005 \u2014 9 years ago. Collision attacks against SHA-1 are too affordable for us to consider it safe for the public web PKI. We can only expect that attacks will get cheaper. That\u2019s why Chrome [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[274],"tags":[276,108,275],"jetpack_publicize_connections":[],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6VLMf-7D","jetpack-related-posts":[{"id":1499,"url":"http:\/\/www.mtin.net\/blog\/ethernet-mtu-and-overhead\/","url_meta":{"origin":473,"position":0},"title":"ethernet MTU and overhead","author":"j2sw","date":"January 8, 2017","format":false,"excerpt":"One of the most common questions is how much overhead do I need to account for on my transport network? I have put together a quick list to help when you are calculating your overhead. -GRE (IP Protocol 47) (RFC 2784): 24 bytes (20 byte IPv4 header, 4 byte GRE\u2026","rel":"","context":"In &quot;Networking&quot;","block_context":{"text":"Networking","link":"http:\/\/www.mtin.net\/blog\/category\/networking\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.mtin.net\/blog\/wp-content\/uploads\/2017\/01\/ethernet.jpeg?fit=1200%2C775&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.mtin.net\/blog\/wp-content\/uploads\/2017\/01\/ethernet.jpeg?fit=1200%2C775&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.mtin.net\/blog\/wp-content\/uploads\/2017\/01\/ethernet.jpeg?fit=1200%2C775&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.mtin.net\/blog\/wp-content\/uploads\/2017\/01\/ethernet.jpeg?fit=1200%2C775&resize=1050%2C600 3x"},"classes":[]},{"id":2230,"url":"http:\/\/www.mtin.net\/blog\/letsencrypt-and-mikrotik\/","url_meta":{"origin":473,"position":1},"title":"LetsEncrypt and Mikrotik","author":"j2sw","date":"April 25, 2018","format":false,"excerpt":"Recently there has been some activity on integration with LetsEncrypt and Mikrotik.\u00a0 \u00a0WHile Mikrotik does not directly support Letsencrypt directly yet, you can make it work with this setup https:\/\/github.com\/gitpel\/letsencrypt-routeros \u00a0 \u00a0 From the GitHub Page: How it works: Dedicated Linux renew and push certificates to RouterOS \/ Mikrotik After\u2026","rel":"","context":"In &quot;Mikrotik&quot;","block_context":{"text":"Mikrotik","link":"http:\/\/www.mtin.net\/blog\/category\/mikrotik\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.mtin.net\/blog\/wp-content\/uploads\/2017\/09\/download.jpg?fit=236%2C213&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":522,"url":"http:\/\/www.mtin.net\/blog\/lots-of-changes-in-routeros-6-34\/","url_meta":{"origin":473,"position":2},"title":"Lots of changes in RouterOS 6.34","author":"j2sw","date":"January 29, 2016","format":false,"excerpt":"Lots of changes in RouterOS 6.34 Some Standouts that will be of benefit to alot of folks I know *) mipsle - architecture support dropped (last fully supported version 6.32.x); *) btest - significantly increased TCP bandwidth test performance; *) ssh - fixed possible kernel crash; *) crs212 - fix\u2026","rel":"","context":"In &quot;Mikrotik&quot;","block_context":{"text":"Mikrotik","link":"http:\/\/www.mtin.net\/blog\/category\/mikrotik\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1440,"url":"http:\/\/www.mtin.net\/blog\/dhcp-starvation-attack\/","url_meta":{"origin":473,"position":3},"title":"DHCP Starvation attack","author":"j2sw","date":"February 12, 2018","format":false,"excerpt":"DHCP starvation attacks are designed to deplete all of the addresses within the DHCP scope on a particular segment. Subsequently, a legitimate user is denied an IP address requested via DHCP and thus is not able to access the network.\u00a0 Yersinia is one such free hacking tool that performs automated\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"http:\/\/www.mtin.net\/blog\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":347,"url":"http:\/\/www.mtin.net\/blog\/ipv6-security-tidbits\/","url_meta":{"origin":473,"position":4},"title":"IPv6 Security tidbits","author":"j2sw","date":"September 1, 2015","format":false,"excerpt":"\/127's for point to point links (RFC 6164) instead of \/64's New security problems with IPV6 -Extension header chains -Packet\/Header fragmentation -Predictable fragment headers -Atomic Fragments (RFC 6946) Most of these type of attacks are very complicated. Avoid EUI-64","rel":"","context":"In &quot;Networking&quot;","block_context":{"text":"Networking","link":"http:\/\/www.mtin.net\/blog\/category\/networking\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":126,"url":"http:\/\/www.mtin.net\/blog\/mtin-becomes-cloudflare-partner\/","url_meta":{"origin":473,"position":5},"title":"MTIN becomes CLoudFlare Partner","author":"j2sw","date":"August 20, 2014","format":false,"excerpt":"This is a guest post written and contributed by CloudFlare.\u00a0 CloudFlare makes it easy for any site to be as fast and secure as the Internet giants. CloudFlare, a web performance and security company, is excited to announce our partnership with\u00a0MTIN Consulting If you haven\u2019t heard about CloudFlare before, our\u2026","rel":"","context":"In \"CloudFlare\"","block_context":{"text":"CloudFlare","link":"http:\/\/www.mtin.net\/blog\/tag\/cloudflare\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/473"}],"collection":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/comments?post=473"}],"version-history":[{"count":1,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/473\/revisions"}],"predecessor-version":[{"id":474,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/473\/revisions\/474"}],"wp:attachment":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/media?parent=473"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/categories?post=473"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/tags?post=473"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}