Microsoft announced this week plans to remove all Windows-related file downloads from the Microsoft Download Center that are cryptographically signed with the Secure Hash Algorithm 1 (SHA-1). From a report:
The files will be removed next Monday, on August 3, the company said on Tuesday. The OS maker cited the security of the SHA-1 algorithm for the move. “SHA-1 is a legacy cryptographic hash that many in the security community believe is no longer secure. Using the SHA-1 hashing algorithm in digital certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks,” it said. Most software companies have recently begun abandoning the SHA-1 algorithm after a team of academics broke the SHA-1 hashing function at a theoretical level in February 2016.