Microsoft has published a new security baseline for Microsoft Edge and one of the new rules is titled “Allow certificates signed using SHA-1 when issued by local trust anchors.”
Which may surprise some readers seeing as the United States National Institute of Standards and Technology deprecated SHA-1 in 2011 and Microsoft banished it from its Internet Explorer and Edge browsers in 2017.
Both did so because the hashing algorithm was susceptible to collision attacks that allowed replicas to be created, a flaw that Google proved in early 2017.
'First ever' SHA-1 hash collision calculated. All it took were five clever brains... and 6,610 years of processor time
microsoft reprieves deprecation security baseline
