Reputation: 5118
SSL certificate on woothemes e-commerce website
I need to get SSL certificate for my website which is running on woothemes.
I am using FirstData as my payment gateway
GoDaddy is offering 2 types of encryption: SHA-1 or SHA-2.
Which one should apply to peroxywhite.com?
Also, should we install SSL on peroxywhite.com/cart or peroxywhite.com?
Upvotes: 0
Views: 138
Answers (1)
Reputation: 296
This is according to my knowledge
Sha1 Some collision attacks against Sha1 exist but are not currently practical as the CPU power required is estimated as costing almost $3 million for each hash.
Even if Sha1 can be considered acceptable for most uses, Sha2 is all-around a better alternative: it is just as fast, more secure, and the only potential downside is the larger space required for storing the hash. If for some reason this is a concern (we’re talking about 32 bytes instead of 20) truncating Sha2′s output is still more secure than using Sha1.
The only reason Sha1 should be chosen is for interoperability reasons.
Sha2 Sha2 is the successor of Sha1 and has 4 different variants, each with a different digest size (output size):
Sha-256 should be chosen in most cases where a high speed hash function is desired. It is considered secure with no known theoretical vulnerabilities and it has a reasonable digest size of 32 bytes. For things like hashing user password, though, a function designed to be slow is preferred: a great one is bcrypt.
Sha-224 uses the same algorithm as Sha-256 (except for the initial seed values) simply truncating its output. It was created because its digest size has the same length as two-key Triple DES keys which can be handy.
Sha-512 is different, using 64 bit numbers and having 80 rounds (versus 32 bit numbers and 64 rounds of Sha-256). Its digest size – 64 bytes – is very large and it is probably overkill for most uses.
Sha-384 is the same as Sha-512 (again, except for the initial seed values) but truncated to reduce its digest size.
And if you observe all ecommerce web sites they will incluude ssl in the check out page only, not for the entire site. But some banking site will maintain ssl for whole website.
As peroxywhite is a ecommerce web site we can place ssl only in the checkout page ie. only in http://www.peroxywhite.com/checkout/
Upvotes: 1
Related Questions
- WooCommerce: Checkout page redirects to https on localhost
- SSL certificate on localhost not working
- Force SSL (HTTPS) only for checkout page in WooCommerce
- Prestashop and https
- After enable SSL Certificate still has SSL connect error for woocommerce checkout
- SSL connect error in woocommerce though 'Force secure checkout' is disabled
- Typing in Woocommerce checkout form causes browser to report SSL issues
- Wordpress woocomerce redirecting to https in chrome browser
- Wordpress (WooCommerce?) forces https (when it shouldn't)
- prestashop SSL configuration