Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mozilla 1024-Bit Cert Deprecation Leaves 107,000 Sites Untrusted

Posted by Soulskill on from the 2048-bits-ought-to-be-enough-for-anyone dept.

msm1267 writes: Mozilla has deprecated 1024-bit RSA certificate authority certificates in Firefox 32 and Thunderbird. While there are pluses to the move such as a requirement for longer, stronger keys, at least 107,000 websites will no longer be trusted by Mozilla. Data from HD Moore's Project Sonar, which indexes more than 20 million websites, found 107,535 sites using a cert signed by what will soon be an untrusted CA certificate. Grouping those 107,000-plus sites by certificate expiration date, the results show that 76,185 certificates had expired as of Aug. 25; of the 65 million certificates in the total scan, 845,599 had expired but were still in use as of Aug. 25, Moore said.

16 of 67 comments (clear)

  1. I'm so relieved by NotInHere · · Score: 4, Funny

    that slashdot wasn't affected by this.

  2. So 3/4 of them would have already failed? by jandrese · · Score: 4, Insightful

    It sounds from the writeup like most of the sites in question are defunct and that's why they're using out of date crypto. Few sites that people actually visit would appear to be affected.

    --

    I read the internet for the articles.
  3. FTFA by Bill,+Shooter+of+Bul · · Score: 4, Insightful

    “All major browsers will alert users of a site using an expired certificate, and of the 107k affected, only 30k were not expired, and so would no longer be trusted by Mozilla as a result of their recent change,”

    So not 107K, only 30k. And that's not a real issue. The browsers are correct, the connection isn't secure at 1024. People can complain as much as they want, trust is not something that is eternally granted without condition.

    --
    Well.. maybe. Or Maybe not. But Definitely not sort of.
    1. Re:FTFA by thegarbz · · Score: 3, Insightful

      trust is not something that is eternally granted without condition.

      The condition being to grease the palms of a third party?

    2. Re:FTFA by skids · · Score: 2

      People can complain as much as they want

      Yep, that about sums up the Internet.

      Only half. The other half is "and still get screwed over."

      The cert authorities as a whole, following NIST recommendations, decided to not just stop issuing 1024 certs, but also to revoke their 1024 root certs, so anything checking CRLs would just break. Months before the actual deadline. They could have just let those certs run out on schedule, but that wasn't good enough for NIST. Moreso, they could have only sold them such that they ran out on schedule (we were sold a 5-year 1024bit cert in 2009 when the deadline had been set at EOY 2011 since 2005). After an extension by NIST from EOY2011 to EOY2013, made in 2011, the number of certs issued with expiry times much past the deadline was likely pretty small (so in case the NIST estimate of when someone would have the compute power to crack our cert was off by 6 months, we had to swap it out a year early distracting us in the middle of more important things.) Anyone concerned enough to worry that an obscene amount of CPU power would be dedicated to compromising their particular cert would have changed them voluntarily, and even the laggards would have likely made it under the wire before any serious attack on their crypto infrastructure. Finally, lots of people use these certs in internal settings where the crypto isn't the sole security and the real value of the cert isn't crypto but the fact that users don't have to install a site-owned PKI CA root certificate to get the "annoying popups" to stop.

      Sooo... it was fortunate that almost nothing was checking CRLs during all that, though as a general state of affairs that also needs to be fixed.

      Oh sure, the CAs offered free bridge certs to "make up" for the whole thing. Not good enough. They should have comped an extra year on for free or something. Since they didn't there should have been class action suit to make them pay for the hassle.

      People need to quit breaking shit on a whim.

      --
      Someone had to do it.
  4. Several things might happen by Streetlight · · Score: 2

    1. If all these sites renew or get proper certificates it'll be a big improvement in cash for the Certificate Authorities.

    2. Maybe most of these un-certificated sites will disappear, though it won't mean much for internet congestion if most are not accessed anyway.

    3. Maybe swschard's comment that hackers will have a field day is true, although to what benefit to hackers or detriment to site users?

    --
    In a time of universal deceit, telling the truth is a revolutionary act. George Orwell
  5. Good by Threni · · Score: 4, Interesting

    A browser not trusting something that's not to be trusted is a positive thing. Yes, some old sites will suffer. That's how it's supposed to work. They'd better up their game. People expect security to be take more seriously these days, as there is more at stake and more muppets with a lot of time on their hands trying to attack you.

  6. The way firefox manages this... by Skuld-Chan · · Score: 3, Insightful

    Firefox doesn't support the OS's built in certificate stores, which makes it a really big pain in the ass to manage certs yourself (like if your managing certs for firefox users at your company) - you basically have to compile certutil and write all kinds of fun scripts for client devices.

    If firefox let me co-manage certs I could just re-add the deprecated cert :).

  7. Math. by msauve · · Score: 3, Insightful

    "Grouping those 107,000-plus sites by certificate expiration date, the results show that 76,185 certificates had expired as of Aug. 25"

    So, the headline should really say 31,000, since 76,000 shouldn't be trusted regardless of what Mozilla does.

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
  8. Re:oh. so nobody's actively managing them? by Charliemopps · · Score: 4, Interesting

    hackers, start your engines...

    No ones every managing them. These things are like domain names... they cost pennies and last for years... so despite their importance they fall to the bottom of businesses radar. A place I worked at a few years ago let their multi-million dollar domain expire. The registrar had been sending emails to an employee that had no longer worked there for quite a while...

    The end result? It went down on a Sunday, and one of our hourly tech support guys (Making about $10/hr at the time) figured out what happened and registered the domain on his personal credit card and redirected it because he didn't know who to call. He got dinner out with the president of the company who shook his hand, asked him politely if he'd mind transferring the domain back to the company, which he did.

    That guy, years later, ended up being my boss and making six figures. It pays to be clever on occasion. He always joked that the company could have sued him for what he did to get the domain back anyway but he was impressed the president thanked him and asked for it back personally.

  9. Re:So 1024 Bits Not Enough Now? by heypete · · Score: 5, Informative

    Symmetric and asymmetric keys are different things and have different key lengths. One cannot directly compare key sizes between two wholly different classes of ciphers. There are numerous reasons, mostly involving arcane mathematics, why asymmetric ciphers require longer key lengths than symmetric ciphers to offer similar levels of protection.

    For example, a 1024-bit RSA key (RSA is an asymmetric cipher) is essentially equivalent to an 80-bit symmetric key (AES, 3DES, etc. are symmetric ciphers). SHA1, a hashing algorithm, provides less than 80 bits of security; those wishing stronger signatures are switching to SHA-256 (which offers 128 bits of security) and SHA-512 (which offers 256 bits).

    A 2048-bit RSA key, such as those used by most CAs and web servers these days, has the same strength as a 112-bit symmetric key. NIST says they should be good enough until around 2030.

    3072-bit RSA keys offer the same strength as a 128-bit symmetric key. A whopping 15,360-bit RSA key would be needed for 256-bit security; the same level of security could be achieved with a 512-bit elliptic curve key, which would be much, much faster than such a large RSA key.

  10. Meh! by Anonymous Coward · · Score: 2, Insightful

    So basically the net effect will be another warning page to click through when visiting the sites in question? Do end users really know what any of this stuff really menas?

  11. Re:And I care about this why ?? by Nimey · · Score: 2

    If you visit an affected website in Firefox 32+ it'll warn you about the SSL certificate and you'll have to take a couple extra steps to visit it. For you it's an inconvenience, but only if you use one of these sites. For the website operator maybe it'll shame them into getting an updated certificate.

    --
    Hail Eris, full of mischief...

    E pluribus sanguinem
  12. Exaggerated, somewhat hysterical decision by Anonymous Coward · · Score: 2, Insightful

    RSA-1024 are still safe, despite what many fearmongers have been preaching for years. It was only a few days ago
    (http://www.newscientist.com/article/dn26135-factorisation-factory-smashes-numbercracking-record.html?cmpid=RSS|NSNS|2012-GLOBAL|online-
    news#.VAXRfDzYvyF) that a new factorization record was announced. It is a roughly 1,024-bit integer - but it took 2000 high end-PC years, and it is a Mersenne integer - orders of magnitude easier to factorize than an integer of similar size obtained as the product of two large primes, which is what one does in the RSA algorithm.

    Short of sudden, unexpected and dramatic breakthroughs in the fields of mathematical integer factorization, or quantum computing, RSA-1024 keys still have quite a few years of usefulness ahead.

    1. Re:Exaggerated, somewhat hysterical decision by Dahan · · Score: 3, Interesting

      Who cares how many "high end-PC years" it took? Nobody's going to try to factor a 1024-bit modulus using a single high-end PC. It took 4 actual years to factor 10 numbers. And why do you think someone who wants to factor the RSA modulus for a 1024-bit CA cert would have waited until today to start the process? Those certs have been around for over 10 years; if someone with enough computing power wanted to factor one, they could be done by now.

  13. Re: oh. so nobody's actively managing them? by corychristison · · Score: 3, Interesting

    Was the domain being used? Or just squatting on it?

    If you were actively using it, and it expired, you have a grace period of anywhere from 30 days to 90 days depending on the TLD, when this happened and who the registrar was/is.

    With that said, your point is completely valid. Domain names, SSL certificates, and hosting accounts tend to be forgotten. I own a web design/development/hosting company. We actively maintain records of who we need to be dealing with, as well as their managers in the event our contact stops responding. As well, we introduced a fully managed service in which we manage everything for our clients, and we send them a single monthly invoice. Because it is billed every month, their services continue to Just Workâ, and in turn we are keeping consistent contact with them.

    We have had the most problems with non-profit organizations. They are typically volunteer run, with a high turn over rate.