1 comment

[ 2.9 ms ] story [ 11.3 ms ] thread
Even NIST banned SHA1's use after 31st December 2013.

http://www.zdnet.com/nist-makes-a-hash-of-sha-1-ban-70000259...

It's the "infrastructure" providers that need to push the change here, if the sites aren't going to. Use the "tyranny of the default" for positive change. Web server software makers, browser vendors, need to push for this type of changes, and not just wait around until the majority of websites have already manually made the changes, before you make that change the default. That takes too long and it's to the detriment of the web's users.