Microsoft to use SHA-2 exclusively starting May 9, 2021
Published Apr 14 2021 10:02 AM
Microsoft

As a major move to the more secure SHA-2 algorithm, Microsoft will allow the Secure Hash Algorithm 1 (SHA-1) Trusted Root Certificate Authority to expire. Beginning May 9, 2021 at 4:00 PM Pacific Time, all major Microsoft processes and services—including TLS certificates, code signing and file hashing—will use the SHA-2 algorithm exclusively.

Why are we making this change?

The SHA-1 hash algorithm has become less secure over time because of the weaknesses found in the algorithm, increased processor performance, and the advent of cloud computing. Stronger alternatives such as the Secure Hash Algorithm 2 (SHA-2) are now strongly preferred as they do not experience the same issues. As a result, we changed the signing of Windows updates to use the more secure SHA-2 algorithm exclusively in 2019 and subsequently retired all Windows-signed SHA-1 content from the Microsoft Download Center on August 3, 2020.

What does this change mean?

The Microsoft SHA-1 Trusted Root Certificate Authority expiration will impact only SHA-1 certificates chained to the Microsoft SHA-1 Trusted Root Certificate Authority. Manually installed enterprise or self-signed SHA-1 certificates will not be impacted; however, we strongly encourage your organization to move to SHA-2 if you have not done so already.
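An added example (not Microsoft's code) of the inventory this distinction calls for: it lists certificates in the local stores whose signature uses SHA-1 and reports the root each one chains to, so self-signed and enterprise-issued certificates can be told apart from those under a particular root. The store list, function name and output columns are assumptions of the example.

```powershell
# Added example: find certificates signed with a SHA-1 based algorithm.
# Store list, function name and output columns are choices of this example.
$stores = 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\CA',
          'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\My'

# Signature algorithm OIDs that use SHA-1 (locale-independent, unlike FriendlyName).
$sha1Oids = @(
    '1.2.840.113549.1.1.5',  # sha1WithRSAEncryption
    '1.3.14.3.2.29',         # sha1RSA (legacy OIW identifier)
    '1.2.840.10045.4.1',     # ecdsa-with-SHA1
    '1.2.840.10040.4.3'      # dsa-with-sha1
)

function Get-Sha1SignedCertificate {
    param([string[]]$StorePath)

    foreach ($path in $StorePath) {
        if (-not (Test-Path $path)) { continue }
        Get-ChildItem -Path $path |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
            ForEach-Object {
                $cert = $_
                if ($sha1Oids -notcontains $cert.SignatureAlgorithm.Value) { return }

                # Build the chain offline to learn which root this certificate leads to.
                $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
                $chain.ChainPolicy.RevocationMode = 'NoCheck'
                [void]$chain.Build($cert)
                $root = $null
                if ($chain.ChainElements.Count -gt 0) {
                    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
                }

                [pscustomobject]@{
                    Store      = $path
                    Subject    = $cert.Subject
                    Thumbprint = $cert.Thumbprint
                    Algorithm  = $cert.SignatureAlgorithm.FriendlyName
                    NotAfter   = $cert.NotAfter
                    SelfSigned = ($cert.Subject -eq $cert.Issuer)
                    ChainRoot  = if ($root) { $root.Subject } else { '(chain not built)' }
                }
            }
    }
}

Get-Sha1SignedCertificate -StorePath $stores |
    Sort-Object ChainRoot, NotAfter |
    Format-Table -AutoSize
```

Grouping the output by `ChainRoot` shows at a glance which SHA-1 certificates depend on a root that is about to expire and which are self-signed or enterprise-issued.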

Keeping you protected and productive

We expect the SHA-1 certificate expiration to be uneventful. All major applications and services have been tested, and we have conducted a broad analysis of potential issues and mitigations. If you do encounter an issue after the SHA-1 retirement, please see "Issues you might encounter when SHA-1 Trusted Root Certificate Authority expires." In addition, Microsoft Customer Service & Support teams are standing by and ready to support you.

 

12 Comments
Steel Contributor

Another XP killer, I guess.

Iron Contributor

Hello @Rommel_Degracia, thanks for the share.

Copper Contributor

Hi, 

Thanks for sharing.

Keep up the good work.

R.

Copper Contributor

Windows Hyper-V Virtual Machine Connection still uses SHA1, from Windows Server 2008 to Windows 10 20H2.

Copper Contributor

Will this break early versions of Windows?

Brass Contributor

Be more specific, ExtremelyBadVMUser.
What versions of Windows? Any version below Windows 7 or Server 2008?

Copper Contributor

Yeah, whatever was going on with the formatting as I was trying to pick "United States" from the dropdown menu instead of "Albania". Windows (whatever version) can be so rude sometimes.

Copper Contributor

thank  thanks for the share. 

Copper Contributor

thank you for help

Copper Contributor

Windows 10 and 11 have worse graphics quality, along with the cloud Office that degrades the lettering (I use a high-end Nvidia card); and with these "cloud" systems, we PC owners lose control over our machines. The Office and Windows 7 SP 2 that I bought 15-18 years ago are far superior in quality in every respect, and in ease of handling, to Win10-11, and I am considering switching to LINUX. I refuse to use Windows 10-11 (I had it 3 months ago and went back to WIN7 SP2). A pity that Bill Gates is no longer at the head of Microsoft.

Copper Contributor
help

This is great, hopefully we will move to SHA-3 in a few years since it's already available in Windows and supported by .NET.

Last update: Apr 14 2021 10:03 AM