Microsoft will no longer use SHA-1 Trusted Root Certificate Authority from May 9th

Microsoft has previously announced that some of the built-in root certificates of the Windows 10 series are about to expire, but Microsoft will not renew these certificates.

The reason is that these root certificates use the outdated SHA-1 algorithm. Because the algorithm is not secure enough, Microsoft will comprehensively upgrade to a subsequent, more secure version.

The subsequent versions here refer to the SHA-2 series of algorithms, including SHA-224, SHA-256, SHA-384-, SHA-512/224, and 512/256.

Microsoft may mainly use SHA-256 or higher algorithm standards to generate TLS certificates, program and code signatures, and file hash verification.

Microsoft posted a blog in the technical community stating that the company has decided to fully switch to the SHA-2 algorithm from May 9, 2021, and no longer use the outdated SHA-1 algorithm.

The reason for this change is that the old version of the algorithm has weaknesses and the appearance of high-performance processors, making these outdated algorithms more and more easily cracked and therefore no longer secure.

It is also true that Microsoft will use the SHA-2 algorithm for verification of cumulative updates as early as 2019, and the patch library will no longer provide SHA-1 values ​​from 2020.

In the future, Microsoft will use new algorithms in many aspects of its TLS certificate, code signing, and file verification. At the same time, it will completely abandon the old algorithm and no longer provide updates.