Microsoft to use SHA-2 exclusively starting May 9, 2021

    Microsoft to use SHA-2 exclusively starting May 9, 2021

    Microsoft to use SHA-2 exclusively starting May 9, 2021


    Last Updated: 15 Apr 2021 at 12:39

    As a major move to the more secure SHA-2 algorithm, Microsoft will allow the Secure Hash Algorithm 1 (SHA-1) Trusted Root Certificate Authority to expire. Beginning May 9, 2021 at 4:00 PM Pacific Time, all major Microsoft processes and services—including TLS certificates, code signing and file hashing—will use the SHA-2 algorithm exclusively.

    Why are we making this change?

    The SHA-1 hash algorithm has become less secure over time because of the weaknesses found in the algorithm, increased processor performance, and the advent of cloud computing. Stronger alternatives such as the Secure Hash Algorithm 2 (SHA-2) are now strongly preferred as they do not experience the same issues. As a result, we changed the signing of Windows updates to use the more secure SHA-2 algorithm exclusively in 2019 and subsequently retired all Windows-signed SHA-1 content from the Microsoft Download Center on August 3, 2020.

    What does this change mean?

    The Microsoft SHA-1 Trusted Root Certificate Authority expiration will impact SHA-1 certificates chained to the Microsoft SHA-1 Trusted Root Certificate Authority only. Manually installed enterprise or self-signed SHA-1 certificates will not be impacted; however we strongly encourage your organization to move to SHA-2 if you have not done so already.

    Keeping you protected and productive

    We expect the SHA-1 certificate expiration to be uneventful. All major applications and services have been tested, and we have conducted a broad analysis of potential issues and mitigations. If you do encounter an issue after the SHA-1 retirement, please see Issues you might encounter when SHA-1 Trusted Root Certificate Authority expires. In addition, Microsoft Customer Service & Support teams are standing by and ready to support you.


    Source: https://techcommunity.microsoft.com/...1/ba-p/2261924


    Brink's Avatar Posted By: Brink
    14 Apr 2021


  1. Posts : 17,744
    Win 10 Home 10.0.19044.1706 (x64) [21H2]
       #1

    I'm a bit confused by the link in the last paragraph.

    Ahhh.... Scroll down and where it asks: "Was this information helpful?", click either Yes or No, to see the info.





    Or just read it here....



    Microsoft to use SHA-2 exclusively starting May 9, 2021-image2.png
      My Computer


  2. Posts : 237
    Windows 10 Home 21H2
       #2

    "Popular applications"? So what does that mean for old legacy programs with signatures that are still valid, but of the SHA-1 type?
      My Computer


  3. Posts : 17,744
    Win 10 Home 10.0.19044.1706 (x64) [21H2]
       #3

    i486 said:
    "Popular applications"? So what does that mean for old legacy programs with signatures that are still valid, but of the SHA-1 type?


    I "think" so. I was checking some of my software... I noticed for example that an old Microsoft game (Microsoft Links 2003 (golf)), not only isn't SHA-2, but it doesn't even "have" a Digital Signatures tab.
    From my understanding, you will be able to override any warning or issues Windows 10 may have with this old software.

    In other words... don't lose any sleep over this... today. Just keep this in mind for the future.
    Add it to your bookmarks or similar.
      My Computer


  4. Posts : 237
    Windows 10 Home 21H2
       #4

    Ghot said:
    I "think" so. I was checking some of my software... I noticed for example that an old Microsoft game (Microsoft Links 2003 (golf)), not only isn't SHA-2, but it doesn't even "have" a Digital Signatures tab.
    From my understanding, you will be able to override any warning or issues Windows 10 may have with this old software.

    In other words... don't lose any sleep over this... today. Just keep this in mind for the future.
    Add it to your bookmarks or similar.
    That's just the question, will those popups be one time only or will they appear every time the program is launched unless you go and disable some critical security related settings that would have a system-wide impact, such as disabling the requirement for driver signing. Most open source programs won't even have signatures and people often have many of them because they're free.
      My Computer


  5. Posts : 17,744
    Win 10 Home 10.0.19044.1706 (x64) [21H2]
       #5

    i486 said:
    That's just the question, will those popups be one time only or will they appear every time the program is launched unless you go and disable some critical security related settings that would have a system-wide impact, such as disabling the requirement for driver signing. Most open source programs won't even have signatures and people often have many of them because they're free.


    I'm pretty sure that once you make an exception for some program, in whatever Windows app that created the popup... you won't see it any more.

    But one program may generate a popup in say... Smartscreen and something else. You will probably have to make an exception in each.



    In my case, long ago, I just disabled Smartscreen, UAC, Notifications, etc.
    I'm not suggesting everyone do that, but for some, it may make their day a bit more pleasant.
      My Computer


  6. Posts : 214
    Windows 10
       #6

    Does this mean that I won't be able to download any Windows Updates for outdated versions and discontinued software lines?

    • Microsoft Office 2007
    • Visual Fox Pro
    • Windows Live Mail
    • Microsoft Expression
    • Windows Media Centre
    • Zune Media Player
    • Microsoft XNA
    Last edited by desbest; 20 May 2021 at 12:11.
      My Computer


  7. Posts : 1,576
    Windows 7 Home Premium x64
       #7

    desbest said:
    Does this mean that I won't be able to download any Windows Updates for outdated versions and discontinued software lines?

    • Microsoft Office 2007
    • Visual Fox Pro
    • Microsoft Expression
    • Windows Media Centre
    • Zune Media Player
    • Microsoft XNA
    you do realize that Windows Media Centre (or Center) is not included in Win10, right?
      My Computers


  8. Posts : 214
    Windows 10
       #8

    Even if it's not included in Windows 10 and is discontinued, there are still people who use that software and prefer it to the alternatives. You'd be surprised how many people worldwide are using discontinued and outdated Microsoft software because they prefer to.

    In British English the word centre should be used. American English which is an attempt to standardise and simplify spellings to make english more palatable to a foreign audience, uses center in both contexts, when in British English the word center should only be used in regards to an item's positioning.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 21:30.
Find Us




Windows 10 Forums