Apple Drops Support for SHA-1 Certificates in macOS Catalina and iOS 13

Nice to see them doing this.

Planned obsolescence...smh...

For an insecure encryption algorithm? I would hope they'd deprecate it (following Google, Firefox etc.).

Planned obsolescence...smh...

I know, it's a disgrace. Little known fact: very few websites work well on Netscape Navigator either :mad:

For an insecure encryption algorithm? I would hope they'd deprecate it (following Google, Firefox etc.).

There was an implicit /s in vicviper789's post ;)

There was an implicit /s in vicviper789's post ;)

It’s impossible to tell if someone is being sincere or sarcastic on the internet; which is why we have ‘/s’.

Planned obsolescence...smh...

I get your point and share the frustration, but it's not warranted in this case.

Encryption algorithms have shelf lives, more or less. Weaknesses are periodically discovered that make them vulnerable to cracking or workarounds, as in this case. Generally these problems cannot be fixed in the way ordinary software is patched because the problems are not specific to any vendor and are simply fundamental flaws in the encryption mechanism; the only solution is abandonment of the encryption method and moving on to safer methods.

SHA-1 is over 25 years old and has been known to have problems since at least 2005. Deprecating encryption methods that are known to be too weak or vulnerable is the right thing to do, and if anything, this move is long overdue.
[doublepost=1559832487][/doublepost]

I know, it's a disgrace. Little known fact: very few websites work well on Netscape Navigator either :mad:

I miss Netscape. ;)

I have to laugh at the 40-bit encryption we used in the late 90s (32-bit in some parts of the world). It wasn't thought overly safe even at the time, but that seems just silly, today.

I miss Netscape. ;)

I have to laugh at the 40-bit encryption we used in the late 90s (32-bit in some parts of the world). It wasn't thought overly safe even at the time, but that seems just silly, today.

Remember when encryption-enabled Netscape was considered a "munition", and was barred from export from the US, so they had a plaintext-only version for the rest of the world?

"Deprecated" is not a synonym for "removed."

Planned obsolescence...smh...

So you're saying I should stop using MD5?

Remember when encryption-enabled Netscape was considered a "munition", and was barred from export from the US, so they had a plaintext-only version for the rest of the world?

I don't remember that. What I recall was US consumers being able to use 128-bit encryption in their browser while non-US consumers were limited to 40-bit encryption - due to the "munitions" argument ('https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States#PC_era').

It's why Korean banks developed their own ActiveX-based banking tech, a security headache which persisted long after Microsoft said to the world "Uh... please stop using that".

Fortunately someone eventually convinced the old farts who made those silly rules that there are plenty of smart people outside the US who are capable of writing their own web browsers capable of good encryption... so all setting those artificial restrictions did was hobble US-based browser makers.