Skip to main content

Google Ups Chrome's Encryption Security

Certificates signed with MD (Message-Digest) version 2 (released in 1989) and 4 (released in1 995), both of which produce 128-bit hash values, are being rejected in the latest Chromium releases over delivering "fatal errors".

MD5, also a 128-bit version, results in an "interstitial warning", according to Chrome developer Peter Beverloo. Google decided to also reject RSA and DSA key with fewer than 1024 bits. The changes are in effect in Chromium 18 and Chrome 18 developer versions with a revision number of 114,432 (MD2, MD4, MD5) 114,709 (RSA, DSA) and higher.

Other recent changes in Chrome include pausing, resuming and canceling downloads via the new Download API, hardware-based video-encoding (only in Chrome OS), a 5 percent memory improvement on Chrome for Windows as well as 4 percent JavaScript speed improvement in Mozilla's Kraken benchmark