The change will come into effect on May 9, company says

Apr 15, 2021 17:58 GMT

Microsoft has recently announced that all of its services would make the switch to the more secure SHA-2 algorithm next month.

In other words, all Microsoft processes and services, including TLS certificates, code signing, and file hashing, would rely on SHA-2 exclusively beginning May 9, when the company lets the SHA-1 Trusted Root Certificate Authority expire.

Of course, it’s not difficult to see why this is happening. SHA-1 is no longer the most secure algorithm currently available, so making the switch to SHA-2 was just a matter of time.

In fact, the Redmond-based software giant is already using SHA-2 for several essential services, including Windows updates, which have all been signed with this algorithm since 2019. Furthermore, Windows-signed SHA-1 content has already been pulled from the Microsoft Download Center.

“The SHA-1 hash algorithm has become less secure over time because of the weaknesses found in the algorithm, increased processor performance, and the advent of cloud computing. Stronger alternatives such as the Secure Hash Algorithm 2 (SHA-2) are now strongly preferred as they do not experience the same issues,” Microsoft explains.

Smooth transition

Microsoft says the transition is supposed to be as smooth as possible, as it has already conducted a series of tests to determine the impact it could have on its services.

“The Microsoft SHA-1 Trusted Root Certificate Authority expiration will impact SHA-1 certificates chained to the Microsoft SHA-1 Trusted Root Certificate Authority only. Manually installed enterprise or self-signed SHA-1 certificates will not be impacted; however we strongly encourage your organization to move to SHA-2 if you have not done so already,” it says.

According to the announced schedule, all processes and services would switch to SHA-2 on May 9, 2021 at 4:00 PM Pacific Time.