SHA-1 usage is one more indication that most organization aren’t putting enough emphasis on protecting the keys and certificates that serve as machine identities: SHA-1 was first tagged as weak and vulnerable back in 2005. As of January 2015, public certificate authorities were forbidden from issuing SHA-1 certs that expired after December 2016. Since 2017, the most popular web browsers have been preventing and discouraging SHA-1 use by warning users/consumers of ‘invalid certificates.’ Despite all of these efforts, we still see SHA-1 certificates deployed. The main reasons are because there are apps that still cannot support newer or stronger algorithms. In other cases, like IoT or edge-computing, resource constraints prevent the use of stronger cryptography. This new research is a reminder that this issue is not going to go away. As long as computing power continues to grow exponentially, algorithms will weaken and decay over time, this is a given. Quantum computing promises even more disruption in the future.  Read Less