Reply to post: Statistics

Hash snag: Security shamans shame SHA-1 standard, confirm crucial collisions citing circa $45k chip cost

GnuTzu

Statistics

I can confirm that there are plenty of sites on the Internet that have there TLS settings set such that they can't do better then SHA-1. That is you won't be able to connect without allowing it.

So, what's going to motivate them to get of their butts and update their configurations? Do browsers need to start nagging users even more? (Anyone know of a browser plugin to alert for weak TLS configurations?)

Qualys is a good place to test and study this. I just wish there were better ways to get lame sites to step up and manage their security better.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon