Facebook has more than billion of members and the amount of active members is overwhelming. But the web browsing for its millions of users is going get much riskier with expiry of a key security algorithm. The algorithm in question is called SHA-1, which will stop being supported by the web browsing programs in 2016, and it will leave millions of users vulnerable to various threats. This algorithm will be replaced with SHA-2, which will not be compatible with a large number of older web browsers. Facebook had stated that the people who will be exposed through the expiration of SHA-1 live in regions where ‘web use’ is closely watched.
Facebook gets furious over expiration of algorithm
It has been furious over the imminent expiration of algorithm SHA-1. Facebook’s chief security officer, Alex Stamos, has written a blogpost where he showed his angst and stated that expiration of SHA-1 will result in cutting of tens of millions of people from the benefits of encrypted internet.
It had carried some extensive data collection and the statistics showed that a mere 3-7% of all web browsers are too old to use the replacement SHA-2. But this mere percentage translates into millions of Facebook users who will be left vulnerable for cyber attacks and eavesdropping as well as monitoring of online activities.
What does SHA-1 algorithm offers?
SHA-1 algorithm offers a wide range of security measures, which protect the users online and make it safer to browse. It offers a guarantee of identity and conceals what people do online i.e. the web browsing habits are safeguarded from the trackers. However, in the recent past the cost of mounting attacks has gone down drastically which is making it much easier for attackers to impersonate websites as well as spying on the data.
A security firm named Cloudflare has issued some strong warning related to the retirement of the SHA-1. It has even offered a list of nations, which will be affected by this retirement as their older browser, is not compatible with the newer algorithm. Cloudflare had stated that people living in some of the poorest and warn torn countries in the world will be left using non-secure web browsers.
Facebook brings a proposal for two tier system
Facebook and Cloudflare are urging the CA/Browser Forum which a body given the task for drawing up browser security standards to support their proposal to operate a tow tier system. This system will allow the older web browser to still make use of SHA-1 as they cannot make use of updated algorithm. The entire modern web browsers, which are updated to its most recent version, will be able to support the SHA-2 but other will fail to implement the same. It will be very alarming situation as it will leave such browsers and their users vulnerable in the hand of the cybercriminals. However, CA/Browser has not responded to the proposal of Facebook and Cloudflare.