New Facebook Feature Shows Actual Respect for Your Privacy | WIRED

Posted from WordPress for Android

1 Comment

  1. Tomi Engdahl says:

    Adam Gross / Facebook Developers:
    Facebook to remove support for SHA-1 certificate signatures Oct. 1, will require SHA-2

    Moving to a More Secure Standard: Please Update your Apps To Support Certificates Signed with SHA-2

    As part of our commitments to helping developers build secure apps and protecting the people who use Facebook, we’re updating our encryption requirements for Facebook-connected apps to reflect a new and more secure industry standard. As a result, apps that don’t support SHA-2 certificate signatures will no longer be able to connect to Facebook starting on October 1, 2015

    These changes are part of a broader shift in how browsers and web sites encrypt traffic to protect the contents of online communications. Typically, web browsers use a hash function to create a unique fingerprint for a chunk of data or a message.

    For the past two decades, the SHA-1 standard has been the preferred choice across the Internet for calculating message fingerprints. But after identifying security weaknesses in SHA-1, the Certificate Authority and Browser Forum recently published new Baseline Requirements for SSL recommending that all certificate authorities transition away from SHA-1 based signatures, with a full sunset date of January 1, 2016.

    We’ll be updating our servers to stop accepting SHA-1 based connections before this final date, on October 1, 2015. After that date, we’ll require apps and sites that connect to Facebook to support the more secure SHA-2 connections.


Leave a Comment

Your email address will not be published. Required fields are marked *