One out of seven SSL certificates is weak: Netcraft
How secure is your website? asks network-monitoring firm Netcraft. According to reports from Netcraft, one out of seven SSL (Secure Sockets Layer) digital certificates is weak.
According to the Netcraft survey, the vast number of certificates on the internet issued by RapidSSL, now owned by VeriSign, are prone to security risk because they are signed using the weak MD5 hashing algorithm. Very recently, a group of researchers claimed that they were able to create a rogue certificate authority.
VeriSign, Inc., the owner of RapidSSL, has responded to this survey. “After the security leak in MD5, we have stopped using MD5 hashing,” said VeriSign. Other affected CAs are likely to follow suit: SHA1 is well established and already used for the majority of SSL certificate signing, so it should be simple to switch to this more secure alternative.
According to the survey results, almost six certificate authorities are using the MD5 hashing algorithm even after the weakness of MD5 became known in 2008. The researchers behind the survey said they analyzed almost 30,000 certificates on the internet and found that 30% of them were issued using MD5 hashing. Because of the popularity of RapidSSL, it accounts for about 90% of the certificates using MD5.