Mozilla 1024-Bit Cert Deprecation Leaves 107000 Sites Untrusted

With the launch of Firefox 32, Mozilla also announced that it has officially ended support for 1024-bit certificate authority certificates in its trusted store. The reason is that 1024-bit RSA keys are considered crackable.

Mozilla has been advised by many important organisations to implement 2048-bit keys or higher for security purposes. Along with Mozilla, Microsoft has also made changes to its certificate key length, and Google is set to follow.

Mozilla has removed 1024-bit keys not only from Firefox but also from Thunderbird. Efforts by the NSA and other intelligence surveillance activities to crack digital keys led Mozilla to implement stronger digital certificates.

Regarding the move to stronger digital certificates, the Rapid7 team published a report yesterday stating that about 107,000 sites will be affected by Mozilla's change. Project Sonar indexes close to 20 million websites, and the scan listed 107,535 sites using a cert signed by what will soon be an untrusted CA certificate, half a percent of the websites in the Project Sonar database. Grouping those 107,000-plus sites by certificate expiration date, the results show that 76,185 certificates had expired as of Aug. 25; of the 65 million certificates in the total scan, 845,599 had expired but were still in use as of Aug. 25, Moore said.

Moore said that with Mozilla's change, all major browsers will alert users about the expired certificates. In total, 30,000 of the 107,000 sites have certificates that have not yet expired.

“Users can choose to ignore an expired certificate in most browsers, but the dialogs presented to the user look similar to any other invalid certificate. Unfortunately, most people will click through anyway,” he added.

Google Chrome is another popular browser, and Google will soon remove old certificates as well. According to some sources, the developers of Google's Chromium project [Chrome's open source base] want to remove 1024-bit CA certificates as soon as possible, but are still concerned about the number of websites that would be affected.