none
SHA-1 Strong Name Signing

    Question

  • Since SHA-1 has become obsolete for code signing does anyone know if using strong names with SHA-1 will need to be switched to SHA-256? 

    Has a deadline been set?

    Thanks,

    Tony

    Monday, February 1, 2016 7:56 PM

Answers

  • Hi ToneCold,

    This forum is discuss Visual Studio WPF/SL Designer, Visual Studio Guidance Automation Toolkit, Developer Documentation and Help System, and Visual Studio Editor.

    >>Since SHA-1 has become obsolete for code signing does anyone know if using strong names with SHA-1 will need to be switched to SHA-256? 

    As you said that the SHA-1 will be phased out and the SHA-256 will replace it. I suggest you switch the strong names assemblies with SHA-1 to SHA-256.

    >>Has a deadline been set?

    For Microsoft, it has announced that Windows will block SHA-1 signed TLS certificates starting on January 1, 2017 before. And they are now considering an accelerated timeline to deprecate SHA-1 signed TLS certificates as early as June 2016. Please refer to below blog which contains this information.

    https://blogs.windows.com/msedgedev/2015/11/04/sha-1-deprecation-update/

    Best Regards,
    Weiwei

    • Marked as answer by ToneCold Tuesday, February 2, 2016 1:44 PM
    Tuesday, February 2, 2016 9:08 AM
    Moderator

All replies

  • Hi ToneCold,

    This forum is discuss Visual Studio WPF/SL Designer, Visual Studio Guidance Automation Toolkit, Developer Documentation and Help System, and Visual Studio Editor.

    >>Since SHA-1 has become obsolete for code signing does anyone know if using strong names with SHA-1 will need to be switched to SHA-256? 

    As you said that the SHA-1 will be phased out and the SHA-256 will replace it. I suggest you switch the strong names assemblies with SHA-1 to SHA-256.

    >>Has a deadline been set?

    For Microsoft, it has announced that Windows will block SHA-1 signed TLS certificates starting on January 1, 2017 before. And they are now considering an accelerated timeline to deprecate SHA-1 signed TLS certificates as early as June 2016. Please refer to below blog which contains this information.

    https://blogs.windows.com/msedgedev/2015/11/04/sha-1-deprecation-update/

    Best Regards,
    Weiwei

    • Marked as answer by ToneCold Tuesday, February 2, 2016 1:44 PM
    Tuesday, February 2, 2016 9:08 AM
    Moderator
  • Thank you for your reply.
    Tuesday, February 2, 2016 1:39 PM