The SHA-1 deprecation deadline: a lot of websites are not yet ready

Let’s do a recap on the situation and let’s see how to deal with migration


Last year, security researchers has demonstrated that the cost of breaking the SHA-1 cryptographic hash function is lower than previously estimated (more technical info on Bruce Schneier’s website)
This prompted an industry-wide move away from the insecure crypto function and toward the much more secure SHA-2 or SHA-3.

The team of international experts from the Centrum Wiskunde & Informatica in the Netherlands, Inria in France, and the Nanyang Technological University in Singapore have showed that in a type of attack they call a “freestart collision” the cost of an SHA-1 collision attack is currently between $75,000 and $120,000 using computing power from Amazon’s EC2 cloud over a period of a few months.
With a more powered system, like a 64-GPU cluster, the attack can be performed in 10 days.

Now, starting on Jan 1, 2017, most CAs will migrate to SHA-2 certificates, and major browser makers have already announced plans to adopt the change, and starting with that date their browsers will no longer trust sites that use SHA-1, that will be marked as insecure.


How does SHA-2 work?

SHA-2 is a mathematical mechanism. It uses a one-way algorithm to produce a string that is unique to every file.

This string — called hash — can be generated using a set of cryptography hash functions that work with multiple hash algorithms such as SHA-224, SHA-256 (most popular), SHA-384, SHA-512, SHA-512/224, SHA-512/256: a research on this algorithm shows that it’s almost impossible to break this structure of multiple hash functions and it should be fully secure for the foreseeable future.


The roadmaps of major browser vendors


Microsoft

In February 2017, both Microsoft Edge and Internet Explorer will block SHA-1 signed TLS certificates.

This update will be delivered to Microsoft Edge on Windows 10 and Internet Explorer 11 on Windows 7, Windows 8.1 and Windows 10, and will only impact certificates that chain to a CA in the Microsoft Trusted Root Certificate program.

An update to our SHA-1 deprecation roadmap

Google

Starting in early 2016 with Chrome version 48, Chrome will display a certificate error if it encounters a site with a leaf certificate that:

1 — is signed with a SHA-1-based signature

2 — is issued on or after January 1, 2016

3 — chains to a public CA

An update to our SHA-1 deprecation roadmap

Mozilla

[…] we planned to take a few actions with regard to SHA-1 certificates:

Show the “Untrusted Connection” error whenever a SHA-1 certificate is encountered in Firefox after January 1, 2017

An update to our SHA-1 deprecation roadmap

Apple

SSLv3 cryptographic protocol and the RC4 symmetric cipher suite are no longer supported, starting at the end of 2016. It’s recommended that you stop using the SHA-1 and 3DES cryptographic algorithms as soon as possible.

An update to our SHA-1 deprecation roadmap


How many websites are ready?


According to a research made by the cybersecurity company Venafi on over 11 million publicly visible IPv4 websites, over a third (35%) of websites are still using insecure SHA-1 certificates:

The results of our analysis clearly show that while the most popular websites have done a good job of migrating away from SHA–1 certificates, a significant portion of the Internet continues to rely on SHA–1 certificates. According to Netcraft’s September 2016 Web Server Survey, there are over 173 million active websites. Extrapolating from our results, as many as 61 million websites may be using such certificates.


How i can check if my website are still using SHA-1?

There are a lot of online services that perform this check, my favorite is

An update to our SHA-1 deprecation roadmap

How i can migrate my website to SHA-2?


It’s not really difficult.

Venafi has also published a 7-step guide to migrate websites from SHA-1 to SHA-2:

https://www.venafi.com/assets/pdf/wp/sha-1-migration-guide.pdf

But there are also a lot of simple tutorials, for example:

An update to our SHA-1 deprecation roadmap

An update to our SHA-1 deprecation roadmap

An update to our SHA-1 deprecation roadmap


References

An update to our SHA-1 deprecation roadmap

An update to our SHA-1 deprecation roadmap

An update to our SHA-1 deprecation roadmap

An update to our SHA-1 deprecation roadmap

An update to our SHA-1 deprecation roadmap

Comments