Update to SSL Certificate: Migrating from SHA-1 to SHA-256

By April 13, 2015 Security News 5 Comments

A news bulletin for the LastPass community:

In our ongoing effort to provide the best security for LastPass users, our SSL certificate for LastPass.com will be transitioned tonight from an SHA-1 certificate to an SHA-256 certificate. Ours will continue to be a Thawte Extended Validation Certificate (EV).

Why now? We started this process last year, but due to the ongoing use of older versions of XP our efforts stalled. Now that Google and others are proactively pushing SHA-256, we’re confident that we can transition with minimal impact on our community.

All changes will happen behind-the-scenes, so LastPass users shouldn’t encounter any problems or interruptions to the service. Reports or concerns? Please let us know in the comments below or get in touch with our support team.


Wondering what the fuss is about?

You know to look for the “lock” icon and HTTPS at the beginning of a website’s URL. Those details indicate that you’re on a secure connection to a website. That secure connection is created with an SSL certificate (lending the “S” to HTTPS). The SSL certificate, issued by a Certificate Authority (CA), encrypts your connection and verifies you’ve connected to the real website.

The CA condenses the certificate by running it through a one-way hashing algorithm, then cryptographically “signs” that condensed version of the certificate. Most websites that use SSL use the algorithm SHA to create that hash, with SHA-1 being the most widely used. The one-way hashes are unique to every website certificate. When your browser is evaluating a website’s certificate, it calculates the SHA-1 hash itself, then compares it to the signed hash that the website offers as verification. If they match, the browser gives a green light and you know your information is safe.

The problem is that SHA-1 is not as strong as it once was. Now that computers are faster and cheaper, the risk is increasing that attackers could forge a certificate and trick the browser into thinking that it’s connecting to the right website.

Vendors are now transitioning to the stronger next-generation algorithm SHA-2 to increase security and protect against attacks. SHA-2 creates longer hashes and is currently resistant to the attacks that SHA-1 is vulnerable to. If you use Chrome, you may have started seeing certificate warnings with yellow lock icons, which is part of Google’s effort to sunset SHA-1 certificates and move the web forward with SHA-2.

At the end of the day, the transition doesn’t impact your experience as a LastPass user, but furthers our mission to keep your data safe as the web evolves. It’s the same LastPass, with even better security.


Thanks for tuning in,

The LastPass Team


  • Jonte says:

    When will you update the SSL Certificate on https://lastpass.eu/ ?

  • John Doe says:

    Could you post the hash for your new certificate?

  • Jason says:

    Why not enable phasing of the SHA-512 instead of SHA-256 to make it even more secure?

    Also, why not implement increasing bits of encryption with a reverse encryption strength after so long? I am talking about something like this below:

    Password Length = 8 Characters

    Character 1 = 256-bit Encryption
    Character 2 = 512-bit Encryption


    Character 7 = 8192-bit Encryption
    Character 8 = 4096-bit Encryption

    As you may have noticed the strength of the bits used for Encryption doubled with each additional Character. You may have also noticed that the final Character actually reversed the strength of the bits used for Encryption to a value lower than the previous Character. This might seem easier to crack using a hacking program since the Encryption strength of the bits for the final Character is lower than the previous Character.

    However, that is not the case at all. When a hacking program is cracking Encryption in this manner it can “discover” the total number of Characters (8 here) along with the doubling of the Encryption strength of the bits. This hacking program can logically determine that the final Character will have an Encryption strength of 16384 bits using the simple formula of the Encryption being doubled for each Character, with a starting value of 256-bits, and a total of 8 Characters.

    The problem the hacking program will have is that for the final Character (#8), it will be trying to crack an Encryption with a value of 16384 bits. The hacking program will not be successful since it is impossible to crack something that is not there logically. The most advanced hacking programs will restart the entire hacking process of cracking everything just to run into the same problem over and over.

    Every hacking program I have ever seen being used, read about, or tested myself have been unable to figure this out. My last time in college (3rd time for a 3rd Degree) I took a course in Ethical Hacking. My instructor was/is a CEH as well as an LPT and she said that this technique would be very difficult to implement, but would make a system/network virtually unhackable currently.

    • Joe Siegrist says:

      Jason – this is the hash of the cert, we think sha256 is strong enough that no one will be able to create a collision attack against it in the next 9 months before we replace it — at that time we’ll analyze and test if sha512 is viable — I’m not sure our CA even supports it yet.

      Regarding your crypto idea — we’re not planning on doing anything experimental with crypto at LastPass — we want to use trusted well tested standards that the entire community agree are safe. It’s too easy to make mistakes which could make people vulnerable.