This site allows you to query SSL information on "public" facing sites. It 's very useful with looking at SSL information and from a hierarchical standpoint.
Take my website. SHA ssl checker shows;
NOTE: Information to include keysize and lifetime ( expiration )
This site is useful for those that don't know how to use openssl for gaining the same information. It also provide a full-tree view of all intermediates to include the rootCAs
Example, using the sslchecker website , we can easily find the key size and type and expirations.
NOTE: a child at the bottom of the tree will NEVER have an expiration longer than the parent above
To find out more about SHA1 and collisions please review the wiki link
The new crowd of website admins falls into we must must must change our keysize ( which could be a good thing ). The ole saying of; " the lock is only as good as the key " does truly apply.
You will find out that the root CAs typically are still signing off a SHA1 key at 1024bits. So they don't seem to phased by the sky is falling crowd.
But don't get too caught up on these numbers, till you pull and validate the cert in details & understand what technologies they are using.
for example sha checker and facebook
But in reality this is a mililtary grade of encryption & protection.
ANSI X9.62 elliptic curve prime256v1 (aka secp256r1, NIST P-256)
However, unlike the RSA and Diffie-Hellman cryptosystems that slowly succumbed to increasingly strong attack algorithms, elliptic curve cryptography has remained at its full strength since it was first presented in 1985.
For protecting both classified and unclassified National Security information, the National Security Agency has decided to move to elliptic curve based public key cryptography.
So a 256bit Elliptic Curve Key Size is in the same order as a 3K bit key based on RSA.
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
=( $ $ )=