Posted on 03/17/2017 3:32:11 PM PDT by NYAmerican
My apologies if this topic has been covered, I did a search and couldn't find it. Using Chrome, when I click on the "Donate Now" link, I get a message from Chrome: "Your connection is not private. Attackers might be trying to steal your information from secure.freerepublic.com (for example, passwords, messages, or credit cards). Net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM"
I assume this message is nonsense, but just wondering what the deal is.
I got a similar message when logging in on Firefox.
ERIC SCHMIDT IS SMILING. :)
I did too, for the first time today, just trying to log on to FR.
Use IE or Edge.
It’s been addressed here, several times.
Maybe, if Jim is on line, he’ll explain the issue, one more time.
I found one of the links where Jim explains the issue.
“The problem is that Google, and now possibly Firefox, are “deprecating” their support for industry standard SHA-1 certificates:
https://security.googleblog.com/2016/11/sha-1-certificates-in-chrome.html
John will eventually install a new SHA-2 certificate after he works out a couple other pressing issues, meanwhile, our SHA-1 certificate is current and is still valid (despite Google’s warning message) and our secure server continues to encrypt our transactions as before.
You can click “Advanced” at the bottom of the warning message and override Google’s erroneous “Not secure” message.
Or you can try a browser like Edge (default browser delivered with windows 10) and it works fine without the warning message.
Thank you very much.”
http://www.freerepublic.com/focus/bloggers/3531442/posts?page=7#7
Thanks!
;-)
Thanks for that. It has only happened that one time, when I used Firefox. Hasn’t happened, to me, with any other browsers.
Further info:
“Now that you have the appropriate background, we can get on to the star of the show.
“As I said earlier, SHA stands for Secure Hashing Algorithm. SHA-1 and SHA-2 are two different versions of that algorithm. They differ in both construction (how the resulting hash is created from the original data) and in the bit-length of the signature. You should think of SHA-2 as the successor to SHA-1, as it is an overall improvement.
“Primarily, people focus on the bit-length as the important distinction. SHA-1 is a 160-bit hash. SHA-2 is actually a “family” of hashes and comes in a variety of lengths, the most popular being 256-bit.
The variety of SHA-2 hashes can lead to a bit of confusion, as websites and authors express them differently. If you see “SHA-2,” “SHA-256” or “SHA-256 bit,” those names are referring to the same thing. If you see “SHA-224,” “SHA-384,” or “SHA-512,” those are referring to the alternate bit-lengths of SHA-2. You may also see some sites being more explicit and writing out both the algorithm and bit-length, such as “SHA-2 384.”
“The SSL industry has picked SHA as their hashing algorithm for digital signatures. From 2011 to 2015, SHA-1 was the primary algorithm. A growing body of research showing the weaknesses of SHA-1 prompted a revaluation. From 2016 onward, SHA-2 is the new standard. If you are receiving a certificate today it must be using that signature at a minimum.
“Occasionally you will see certificates using SHA-2 384-bit. You will rarely see the 224-bit variety, which is not approved for use with publicly trusted certificates, or the 512-bit variety which is less widely supported by software.
“SHA-2 will likely remain in use for at least five years. However, some unexpected attack against the algorithm could be discovered which would prompt an earlier transition.
My Fire Fox did that too on FreeRepublic and I emailed Jim Thompson, oops I mean Jim Robinson a few weeks ago.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.