Digital signatures and Certificate made Bitcointalk documents secured...

[Zilon]

These days digital signatures which uses mathematical approach are widely used to verify and authenticate the validity and integrity of many digital properties like: websites, Documents, softwares, communications and currencies using key pairs, they use digital signatures with hidden messages usually in a hexadecimal format connected securely to the keys of the signer and can only be decrypted by it's corresponding key in a recorded transaction. This documents can be signed(encrypted) by either private or public keys and decrypted by the corresponding public or private key depending on which was used.

While digital certificates are files or electronic passwords that embraces cryptographic hashes and public key infrastructure to authenticate the validity of a device, server or user (PKI). Public key infrastructure (PKI) governs the issuance of digital certificates to protect sensitive data, provide unique digital identities for users, devices and applications and secure end-to-end communications and are widely acknowledged protocol for digital signatures.

Certification Authorities
SHA-256 are secure Hash Algorithm used as the preferred hash function to secure most digital documents and after the ban of SHA-1 since it is vulnerable to attacks, digital authorities switched to SHA-256 hash and ECDSA but still wondered why Baltimore CyberTrust Root still issue SHA-1 with RSA encrypted hashes in its certificate to bitcointalk. RSA are secured but how about SHA1

SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005. The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016,

How to check the certification of Bitcointalk

• Web addresses with padlock at the right edge of the url proves validity of the sites certification and quick way to tell if the site is certified or not. To check the validity documentation click on the padlock at the edge of the url.

• Next tap on certification to provide the companies that issued the certification to the forum this is also applied to every website on the internet

• There are three certifications for the forum address each having it's own unique certificate

• check the detail of each certificate authorities to view their certification then

• From there you scroll down to see the digital signature algorithm used by each certification authority

still wondering why this has to use SHA1






[/list]

Always check for this padlock at the url to ensure the sites you are visiting are well validated and secure and that they use SHA256 signature algorithm.
source: link

[jackg]

256 byte keys are big afaik, rsa is secure at 2000+ bytes (and are theoretically cinsidered that secure for 10 years).

Have you opened this site in the console bit? I used to get warnings on Firefox if sites used sha1 for some things but there's a difference with using sha1 for the encryption algorithm/ie cryptographically signing things and signing sha1 documents with your private key and using it for generating a checksum.

MD4 can be used in some circumstances for checksums too. It might be faster for larger inputs and hard to bruteforce (if you have to include authentic data) - I'd prefer more checksums than fewer.

If someone wanted to launch an attack on bitcointalk, they wouldn't be able to attack much afaik especially for logged in users but I'm not sure if entropy bytes are signed too for pages that are publicly accessible (like the login page). If server time or something is also signed then an attack on those would be impossible.

Edit: thinking about it, there are time errors you can get when connecting to sites using https so it's likely impossible to believably bruteforce.

[SquirrelJulietGarden]

SSL vs. TLS and difference with very detailed explanation on differences between two certificates.

A certificate is not an only sector that will make a website is good or bad. On tip of iceberg, looking at SSL and TLS sites, SSL site brings a safer feeling and better security. Under the iceberg, more things will make a site is good or bad or vulnerable to attacks. The certificate is not all.

[Zilon]

SSL vs. TLS and difference with very detailed explanation on differences between two certificates.

A certificate is not an only sector that will make a website is good or bad. On tip of iceberg, looking at SSL and TLS sites, SSL site brings a safer feeling and better security. Under the iceberg, more things will make a site is good or bad or vulnerable to attacks. The certificate is not all.

I didn't go into much details to describe the types of certificates this authorities provide because a thread has already been created on that and will make this long and boring. I centered more the Hash function used for details about certification types the link you provided serves the purpose

[BitcoinGirl.Club]

A certificate is not an only sector that will make a website is good or bad. On tip of iceberg, looking at SSL and TLS sites, SSL site brings a safer feeling and better security. Under the iceberg, more things will make a site is good or bad or vulnerable to attacks. The certificate is not all.

These days any site can have SSL. SSL ensures encrypted data from the hosting server to client browser. A site can have SSL but still it can be used for illegal activities like having a phishing site.

The only secure practice in my opinion is to know the domain name. Memorize it or save it on your browser. You can save it in a file too. Google is always unsafe. Many people go to google and search for the domain name. Scammers rank up their domain for the domain name people search and users reach to the scammers site. This is how regular hacks happens.

[vv181]

still wondered why Baltimore CyberTrust Root still issue SHA-1 with RSA encrypted hashes in its certificate to bitcointalk.

• From there you scroll down to see the digital signature algorithm used by each certification authority

still wondering why this has to use SHA1

Root certificate are being used only to verify the issuer of intermediary of the TLS certs, which in this case Cloudflare. It is being shipped by default within a browser or an OS. Many sites e.g. Google, DDG, and Binance are also using SHA-1 with RSA encryption, as its root cert.

I don't know the security importance of it in the process of the whole of how SSL/TLS works. But from my understanding, it's the way it is.

For a further reference of how it being used and why it still used, I suggest see: Why is it fine for certificates above the end-entity certificate to be SHA-1 based?