Switching to a new hashing algorithm from the beginning of 2016 may complicate access to popular resources for users
Welcome to the iCover Blog Pages ! Did you know that in the coming year, tens of millions of users around the world may encounter problems trying to access the most popular resources, including: Gmail, Google, Facebook, Microsoft and Twitter. And the reason is that the SHA-1 cryptographic hash algorithm, which has been providing web security for at least a decade, is being prepared at an accelerated pace for a well-deserved rest. A worthy replacement for the obsolete version of the algorithm is its next generation SHA-2. The likely consequences of this event for the average user will be discussed in our article.
So, from January 1, 2016, the issuance of SSL certificates with support for the SHA-1 hash function by certification authorities will be discontinued, and certificates based on the SHA-2 hash algorithm will be offered instead.
Quick reference :
The SHA-1 algorithm (Secure Hash Algorithm Version 1 - secure hashing algorithm, version 1) was developed back in 1995. Some weaknesses of SHA-1 were discovered back in 2005. For an input message of arbitrary length (up to 2 exabytes), the algorithm generates a 160-bit hash value (digest message).
Algorithm SHA-2 (Secure Hash Algorithm Version 2 - secure hashing algorithm, version 2) - a family of cryptographic algorithms - unidirectional hash functions, combining algorithms SHA-224, SHA-256, SHA-384, SHA-512, SHA-512 / 256 and SHA-512/224, developed by the United States National Security Agency (NSA). The report was published by the National Institute of Standards and Technology in August 2002.
The SHA-2 algorithm is much more perfect and safer than its predecessor - SHA-1 with a 160-bit code, which can be cracked with a high degree of probability in the current year. However, according to the latest survey conducted by Netcraft in October and reflected in One million SSL certificates still using the “insecure” SHA-1 algorithm, about one million certificates still use the SHA-1 algorithm. From month to month, the number of resources using the SHA-1 algorithm of resources is rapidly decreasing, and by the end of the year it may well decrease to 10%.
SHA-1 vs SHA-2 (source: Netcraft SSL Survey October 2015) SHA-2 overtook SHA-1 in May 2015, but there are still almost a million 24% certificate holders using SHA-1
For many users working with upgraded versions Chrome or Firefox, new versions of the OS or smartphones of the latest generation, the transition will be painless and unnoticed, since the problem of software and hardware compatibility with both SHA-1 and SHA-2 is solved in this case.
However, according to Ivan Ristic, a leading specialist at SSL Labs at Qualys: “... Given that sites have completed migration to SHA 2 by 75%, users with older browsers are very likely to begin to experience problems already 2016 ”, adding that“ ... Windows XP SP2 and its earlier versions, as well as Android up to and including 2.2, do not support SHA-2 certificates. ”
In October of this year, IT security experts at Dutch and Singaporean universities organized an attack as part of the test, which ended with a partial cracking of the SHA-1 hash function and revealing a collision in cryptography (collision in cryptography - the presence of two identical hash values for different initial information) . This once again confirmed: the SHA-1 hash algorithm is extremely vulnerable today and it is advisable to update SLL certificates as soon as possible. The experiment and vulnerability identified at the level of the SHA-1 compression function are described in detail in the provided Freestart collision for full SHA-1 report .
Note that previously, the high probability of a successful SHA-1 hack was associated by IT specialists with 2017. However, the situation was changing rapidly and, as a number of experiments showed, for organizing and conducting partial hacking of the SHA 1 hash function, the available means turned out to be just 10 (!) Days of computing on a cluster of 64 GPUs. According to the experts who conducted the experiment, "... the cost of" work "on completely cracking the SHA-1 hash function using similar technology today can be estimated at $ 75 thousand to $ 100 thousand. Using the capabilities of graphics processors for this purpose will turn out to be quite fast, inexpensive and an effective alternative to an attack conducted using central processing units CPU ”, the report says.
The discussion on the end date of support for SHA-1 is closely tied to the results of studies of protocol vulnerabilities that indicate ever-increasing risks (see the Freestart collision for full SHA-1 report above). On the other hand, a small number of large corporate clients do not have the technical ability to switch to SHA-2 before the end of this year. In this regard, a general vote organized by Symantec and held on October 12 with the participation of Entrust, Microsoft and Trend Micro decided to extend the issuance of SHA-1 certificates with a 2016 subscription.
The October research results in the description above led scientists to the unequivocal conclusion: “... cancel the results of the recent vote in favor of issuing certificates during 2016 in connection with the results of the experiment.” Multiplying the results of these and alternative studies by the unambiguous opinion of reputable experts, the signatories changed the decision already made.
As the authorized representatives of the NSA, participating in the developer of the SHA-2 algorithm, stated, the attacks carried out by cyber-terrorists every day are becoming more effective for three reasons:
Each individually and in the aggregate considered reasons significantly increase the likelihood of hacking sites protected by SSL-certificate with SHA-1.
Meanwhile in Nist(US National Institute of Standards and Technology), along with SHA 2, recommend using the final version of the cryptographic standard with support for promising SHA-3 algorithms. The SHA-3 hash functions, according to the authors of the development, do not conflict with SHA-2, which is still strongly recommended to be used, but effectively complement it, expanding the capabilities of developers. However, most of the new SHA-2 subscriber certificates issued today (99.99%) are noted in the Netcraft publication, use SHA-256 algorithms and only a few certificates, most of which are issued by DigiCert, support SHA-384 and SHA-512.
Starting January 1, 2016, web resource owners with SHA-1 will have another year at their disposal to migrate to SHA-2. And since 2017, Firefox and Chrome, when recognizing an old certificate, will block the page, accompanying the blocking with information about an untrusted connection. If the expected attack on SHA-1 is successful, Mozilla may postpone the end date to July 2016 or earlier. Accordingly, if the validity period of the SSL certificate with the SHA-1 hash function expires in 2017 and beyond, then such certificates will be invalid from January 1, 2017, and for this reason they are recommended for replacement in advance. So now the website of the company “Deloitte” (Deloitte) with a subscription to SHA-1, valid until 2020, Google considers Google Chrome as unsafe (notes in netcraft.com).
Comprehensive, accurate and reliable information about the readiness of the transition of the user market from SHA-1 to SHA-2, alas, is absent, but according to indirect data, we can conclude that the proportion of systems that do not support SHA-2 on a global scale is quite small. At the same time, in India, China, Africa and a number of developing countries, the number of users who are not ready for such a high-quality transition amounts to tens of percent and millions.
Naturally, the transition to SHA-2 will also cause certain problems for holders of new certificates. An example that allows us to imagine the potential scale of the problems is Mozilla. So, according to Chris More, head of Firefox’s development department, updating the website with an SSL certificate with the SHA-2 hash function "... killed at least a million downloads." And this allows us to get an idea of what the total number of users who use outdated software and equipment to download websites can be.
***
Dear readers, we are always happy to meet and wait for you on the iCover blog pages! We are ready to continue to please you with our publications and will try to do everything possible to ensure that the time spent with us is pleasing to you. And, of course, do not forget to subscribe to our sections and we promise - it won’t be boring!
Our other articles and events
So, from January 1, 2016, the issuance of SSL certificates with support for the SHA-1 hash function by certification authorities will be discontinued, and certificates based on the SHA-2 hash algorithm will be offered instead.
Quick reference :
The SHA-1 algorithm (Secure Hash Algorithm Version 1 - secure hashing algorithm, version 1) was developed back in 1995. Some weaknesses of SHA-1 were discovered back in 2005. For an input message of arbitrary length (up to 2 exabytes), the algorithm generates a 160-bit hash value (digest message).
Algorithm SHA-2 (Secure Hash Algorithm Version 2 - secure hashing algorithm, version 2) - a family of cryptographic algorithms - unidirectional hash functions, combining algorithms SHA-224, SHA-256, SHA-384, SHA-512, SHA-512 / 256 and SHA-512/224, developed by the United States National Security Agency (NSA). The report was published by the National Institute of Standards and Technology in August 2002.
The SHA-2 algorithm is much more perfect and safer than its predecessor - SHA-1 with a 160-bit code, which can be cracked with a high degree of probability in the current year. However, according to the latest survey conducted by Netcraft in October and reflected in One million SSL certificates still using the “insecure” SHA-1 algorithm, about one million certificates still use the SHA-1 algorithm. From month to month, the number of resources using the SHA-1 algorithm of resources is rapidly decreasing, and by the end of the year it may well decrease to 10%.
SHA-1 vs SHA-2 (source: Netcraft SSL Survey October 2015) SHA-2 overtook SHA-1 in May 2015, but there are still almost a million 24% certificate holders using SHA-1
For many users working with upgraded versions Chrome or Firefox, new versions of the OS or smartphones of the latest generation, the transition will be painless and unnoticed, since the problem of software and hardware compatibility with both SHA-1 and SHA-2 is solved in this case.
However, according to Ivan Ristic, a leading specialist at SSL Labs at Qualys: “... Given that sites have completed migration to SHA 2 by 75%, users with older browsers are very likely to begin to experience problems already 2016 ”, adding that“ ... Windows XP SP2 and its earlier versions, as well as Android up to and including 2.2, do not support SHA-2 certificates. ”
SHA-1 attack simulation completed successfully
In October of this year, IT security experts at Dutch and Singaporean universities organized an attack as part of the test, which ended with a partial cracking of the SHA-1 hash function and revealing a collision in cryptography (collision in cryptography - the presence of two identical hash values for different initial information) . This once again confirmed: the SHA-1 hash algorithm is extremely vulnerable today and it is advisable to update SLL certificates as soon as possible. The experiment and vulnerability identified at the level of the SHA-1 compression function are described in detail in the provided Freestart collision for full SHA-1 report .
Note that previously, the high probability of a successful SHA-1 hack was associated by IT specialists with 2017. However, the situation was changing rapidly and, as a number of experiments showed, for organizing and conducting partial hacking of the SHA 1 hash function, the available means turned out to be just 10 (!) Days of computing on a cluster of 64 GPUs. According to the experts who conducted the experiment, "... the cost of" work "on completely cracking the SHA-1 hash function using similar technology today can be estimated at $ 75 thousand to $ 100 thousand. Using the capabilities of graphics processors for this purpose will turn out to be quite fast, inexpensive and an effective alternative to an attack conducted using central processing units CPU ”, the report says.
The discussion on the end date of support for SHA-1 is closely tied to the results of studies of protocol vulnerabilities that indicate ever-increasing risks (see the Freestart collision for full SHA-1 report above). On the other hand, a small number of large corporate clients do not have the technical ability to switch to SHA-2 before the end of this year. In this regard, a general vote organized by Symantec and held on October 12 with the participation of Entrust, Microsoft and Trend Micro decided to extend the issuance of SHA-1 certificates with a 2016 subscription.
The October research results in the description above led scientists to the unequivocal conclusion: “... cancel the results of the recent vote in favor of issuing certificates during 2016 in connection with the results of the experiment.” Multiplying the results of these and alternative studies by the unambiguous opinion of reputable experts, the signatories changed the decision already made.
The NSA called the reasons for the increased risk of the probability of cracking the SHA-1 hash function
As the authorized representatives of the NSA, participating in the developer of the SHA-2 algorithm, stated, the attacks carried out by cyber-terrorists every day are becoming more effective for three reasons:
- Computing performance growth, which opens up the possibility for any cryptographic attack much faster.
- The emergence of new technologies that allow not only to accelerate, but also significantly reduce the cost of hacking. (So in the case we examined, preference was given to a relatively inexpensive version of hacking using GPUs instead of CPUs).
- An exponential increase in the level of unpredictability and sophistication of cryptographic attack methodologies.
Each individually and in the aggregate considered reasons significantly increase the likelihood of hacking sites protected by SSL-certificate with SHA-1.
Meanwhile in Nist(US National Institute of Standards and Technology), along with SHA 2, recommend using the final version of the cryptographic standard with support for promising SHA-3 algorithms. The SHA-3 hash functions, according to the authors of the development, do not conflict with SHA-2, which is still strongly recommended to be used, but effectively complement it, expanding the capabilities of developers. However, most of the new SHA-2 subscriber certificates issued today (99.99%) are noted in the Netcraft publication, use SHA-256 algorithms and only a few certificates, most of which are issued by DigiCert, support SHA-384 and SHA-512.
Year-end
Starting January 1, 2016, web resource owners with SHA-1 will have another year at their disposal to migrate to SHA-2. And since 2017, Firefox and Chrome, when recognizing an old certificate, will block the page, accompanying the blocking with information about an untrusted connection. If the expected attack on SHA-1 is successful, Mozilla may postpone the end date to July 2016 or earlier. Accordingly, if the validity period of the SSL certificate with the SHA-1 hash function expires in 2017 and beyond, then such certificates will be invalid from January 1, 2017, and for this reason they are recommended for replacement in advance. So now the website of the company “Deloitte” (Deloitte) with a subscription to SHA-1, valid until 2020, Google considers Google Chrome as unsafe (notes in netcraft.com).
Comprehensive, accurate and reliable information about the readiness of the transition of the user market from SHA-1 to SHA-2, alas, is absent, but according to indirect data, we can conclude that the proportion of systems that do not support SHA-2 on a global scale is quite small. At the same time, in India, China, Africa and a number of developing countries, the number of users who are not ready for such a high-quality transition amounts to tens of percent and millions.
Naturally, the transition to SHA-2 will also cause certain problems for holders of new certificates. An example that allows us to imagine the potential scale of the problems is Mozilla. So, according to Chris More, head of Firefox’s development department, updating the website with an SSL certificate with the SHA-2 hash function "... killed at least a million downloads." And this allows us to get an idea of what the total number of users who use outdated software and equipment to download websites can be.
***
Dear readers, we are always happy to meet and wait for you on the iCover blog pages! We are ready to continue to please you with our publications and will try to do everything possible to ensure that the time spent with us is pleasing to you. And, of course, do not forget to subscribe to our sections and we promise - it won’t be boring!
Our other articles and events