{"id":19579,"date":"2021-04-15T07:25:42","date_gmt":"2021-04-15T05:25:42","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=19579"},"modified":"2021-04-15T07:25:42","modified_gmt":"2021-04-15T05:25:42","slug":"ab-9-mai-2021-verwendet-microsoft-nur-noch-sha-2","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2021\/04\/15\/ab-9-mai-2021-verwendet-microsoft-nur-noch-sha-2\/","title":{"rendered":"As of May 9, 2021, Microsoft will only use SHA-2"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/2021\/04\/15\/ab-9-mai-2021-verwendet-microsoft-nur-noch-sha-2\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Microsoft will only allow the more secure SHA-2 algorithm in its processes and services (including in TLS certificates, code signing and file hashing) from May 9, 2021. SHA-1 use will then no longer be possible.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg01.met.vgwort.de\/na\/9d2f532c9b404c1dba874de391913abe\" width=\"1\" height=\"1\">The announcement was made on April 14, 2021 in the blog post <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/windows-it-pro-blog\/microsoft-to-use-sha-2-exclusively-starting-may-9-2021\/ba-p\/2261924\" target=\"_blank\" rel=\"noopener\">Microsoft to use SHA-2 exclusively starting May 9, 2021<\/a> (thanks to the user for pointing this out). At that time, Microsoft will phase out the trusted root certification authority Secure Hash Algorithm 1 (SHA-1). Starting May 9, 2021, at 4:00 p.m. Pacific time, all major Microsoft processes and services &#8211; including TLS certificates, code signing, and file hashing &#8211; will exclusively use the SHA-2 algorithm.<\/p>\n<h2>The background: SHA-1 is considered insecure<\/h2>\n<p>The SHA-1 hashing algorithm is now considered insecure because over time, SHA-1 is considered too insecure due to vulnerabilities found in the algorithm, increased processor power and the advent of cloud computing. Since there are now better alternatives such as Secure Hash Algorithm 2 (SHA-2), they are preferred. <\/p>\n<p>For this reason, Microsoft has already switched the signing of Windows updates in 2019 to exclusively use the more secure SHA-2 algorithm and subsequently withdrawn all SHA-1 content signed with Windows from the Microsoft Download Center on August 3, 2020. I had reported on the implications for Windows 7 (the newer operating systems already supported SHA-2) in the blog post <a href=\"https:\/\/borncity.com\/win\/2018\/11\/21\/windows-7-from-april-2019-sha-2-support-is-required\/\">Windows 7: From April 2019 'SHA-2-Support' is required<\/a>. <\/p>\n<h2>What does this mean?<\/h2>\n<p>In the best case, administrators and users don't even notice. The expiration of the Microsoft SHA-1 Trusted Root Certificate Authority only affects SHA-1 certificates that are chained to the Microsoft SHA-1 Trusted Root Certificate Authority. Manually installed enterprise or self-signed SHA-1 certificates are not affected. However, Microsoft strongly recommends switching to SHA-2 (if not already done).<\/p>\n<p>In the article above, Microsoft writes that they do not expect any problems due to the expiration of the SHA-1 certificate, because all important applications and services have been tested.<\/p>\n<p><strong>Similar articles<\/strong><br \/><a href=\"https:\/\/borncity.com\/win\/2019\/02\/18\/sha-2-patch-for-windows-7-arrives-on-march-2019\/\">SHA-2 patch for Windows 7 arrives on March 2019<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2018\/11\/21\/windows-7-from-april-2019-sha-2-support-is-required\/\">Windows 7: From April 2019 'SHA-2-Support' is required<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Microsoft will only allow the more secure SHA-2 algorithm in its processes and services (including in TLS certificates, code signing and file hashing) from May 9, 2021. SHA-1 use will then no longer be possible.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-19579","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/19579","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=19579"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/19579\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=19579"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=19579"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=19579"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}