VeriSign Changes SSL Certificate Algorithm

VeriSign has changed its SSL certificate algorithm from MD5 to SHA-1 due to network security concerns. The company is reissuing its RapidSSL Certificates to all customers free of charge.

By: Sara Smith

Published: Jan 5, 2009

Updated: Jul 2, 2009

Researchers presenting at the Chaos Communication Congress unveiled a flaw in SSL certificates that use MD5, a hash algorithm VeriSign uses in certificates that secure Web sites. The network security issue was enough to prompt a switch of the SSL certificate algorithm to SHA-1. VeriSign was already making plans to phase out MD5 but was prompted to take immediate action when the exploit was unveiled.

VeriSign Inc. has changed its SSL certificate algorithm from the MD5 hash to SHA-1 due to network security concerns. The company is reissuing RapidSSL certificates, with MD5 replaced by the SHA-1 algorithm.

"The transition to the SHA-1 algorithm came within a few hours of the public unveiling of an MD5 flaw presented by researchers during the 2008 Chaos Communication Congress (CCC) in Berlin, rendering the MD5 flaw ineffective for all new RapidSSL Certificates," VeriSign said in a statement.

RapidSSL certificates are one of the products offered by VeriSign that protect Web sites by providing encryption. Online certificates are mostly used by banks and online merchants. The company is reissuing new certificates for RapidSSL free of charge.

"We applaud this team's research and efforts to improve online security as well as their disclosure of the findings for the benefit of the broader Internet community," Chris Babel, VeriSign SVP and general manager, said in a statement.

Researchers found that MD5 could be used to create a false SSL certificate under the RapidSSL certification brand. The exploit composes a new false certificate from scratch and affects only new certificates. This means that current certificates on Web sites were not affected.

"Because the exploit never impacted certificates already in production on Web sites, including previously-issued RapidSSL Certificates or any other VeriSign brand certificate, current certificates used by banks, brokerages, online merchants, and all other SSL-using entities were not affected by this exploit," VeriSign said.
