SHA-2 is going to succeed SHA-1, however, it is not going to be supported on older web browsers. This should be more alarming to you than it actually sounds because when SHA-1 goes out of commission, there will be a time when users will be unable to update their web browsers to newer versions because their desktop, laptop or mobile machines will not be able to support the latest software. Alex Stamos, Facebook’s chief security office is quite concerned about the issue because according to a source, he states the following: “A disproportionate number of those people reside in developing countries, and the likely outcome in those countries will be a serious backslide in the deployment of HTTPS by governments, companies and NGOs that wish to reach their target populations.” Facebook has predicted that in the near future, between 3 and 7 percent of all web browsers will be too obsolete to use SHA-2. SHA-1 offers several security measures over its predecessor. However, SHA-1 is omnipresent in developing and in third world countries, where individuals have limited to no knowledge about web security at all. Additional statistical data suggests that SHA-2 is supported by at least 98.31 percent of browsers worldwide, and the remaining 1.69 percent comprises up of 37 million people. According to CloudFlare’s calculations, it would cost approximately $700,000 today to continue to generate SHA-1 collision. However, when the timeline reaches 2021, the expenditure figure would have dropped to about $43,000 since more and more regions would have started to adopt the SHA-2 security measure. Let us hope that Facebook and CloudFlare are able to roll out an effective campaign in which they are able to successfully convey the message to the public that SHA-1 is going to go out of commission very soon.
