by breadtk 3846 days ago
Facebook's user base as of January 2014 was at 1.24B monthly users[1]. According to FB's post, up to 7% of their users do not support SHA2 certs. This would mean approximately 86.8m FB users alone would be affected by full-stop SHA1 degradation. I'm happy to see FB has implemented a mechanism for selective cert selection, and other organizations that care about their users' security ought to look at them for a model on how to approach this methodically.

SHA1 isn't great, but it is certainly better than plaintext communications.

[1] http://thenextweb.com/facebook/2014/01/29/facebook-passes-1-...

1 comments

If it's broken (which it is), it is no better than plaintext.

It isn't _completely_ broken. That is why FB is still advocating for a two-tiered approach (SHA2 when possible, SHA1 everywhere else). SHA1 hash collisions are indeed now within the range of well-funded governments, but it is not within the range of your average script kiddie to find possible collisions. To prove my point, I'd ask you to find an arbitrary Root CA cert which uses a SHA1 hash and attempt to clone it. I think you'll find that this still takes a considerable amount of effort and/or it is completely out of reach.

I should be clear that SHA1 shouldn't be used for cryptographic purposes that require a high amount of trust, but for your average everyday FB status updates it is probably fine when coupled with other protections.

I'm personally on your side of the argument and against Facebook's stance, but this statement is, strictly speaking, not true. At worst, it will be equivalent to the protection provided by an encryption scheme without authenticating the other party, and it defeats passive attackers. That's not quite as bad as sending plaintext (in practice, it is much, much better when it applies to the internet broadly: cf. Firesheep).

P.S. that's basically the state of SMTP encryption, which is quite sad.