The SHA-2 certificate signatures will replace those signed with SHA-1 and apps that use SHA-1 after October won’t work on #facebook anymore, Adam Gross, a production engineer at the company, stated a blog post.
“We recommend that developers check their applications, SDKs, or devices that connect to Facebook to ensure they support the SHA-2 standard,” Gross wrote. SHA-1 has been considered weak for about a decade. Researchers have shown it is possible to create a forged digital certificate that carries the same SHA-1 hash as legitimate one.
Leave a reply