Why Google Is Pushing For a Web Free of SHA-1
An anonymous reader writes: Google recently announced Chrome will be gradually phasing out support for certificates using SHA-1 encryption. They said, "We need to ensure that by the time an attack against SHA-1 is demonstrated publicly, the web has already moved away from it." Developer Eric Mill has written up a post explaining why SHA-1 is dangerously weak, and why moving browsers away from acceptance of SHA-1 is a lengthy, but important process. Both Microsoft and Mozilla have deprecation plans in place, but Google's taking the additional step of showing the user that it's not secure. "This is a gutsy move by Google, and represents substantial risk. One major reason why it's been so hard for browsers to move away from signature algorithms is that when browsers tell a user an important site is broken, the user believes the browser is broken and switches browsers. Google seems to be betting that Chrome is trusted enough for its security and liked enough by its users that they can withstand the first mover disadvantage. Opera has also backed Google's plan. The Safari team is watching developments and hasn't announced anything."
The summary writers really need to stop adding terminology willy-nilly. SHA1 is a hashing function, not an encryption.
Yes, SHA-1 is a hashing algorithm, and anyone even remotely confused about the distinction should avert their eyes and NOT click on this link to an elucidating comment from a few years ago that indicated something... rather surprising... about the nature of hashing and encryption.
Strange, eh?
Implying only Google is doing this. Microsoft is doing it too, and a Firefox bug has made a similar proposal shortly after said announcement. https://bugzilla.mozilla.org/s...
The announcement from Chrome's mailing list:
https://groups.google.com/a/ch...
Link to mailing list archive: https://groups.google.com/a/ch...
The real reason is Ryan Sleevi does not want to talk about this brilliant idea he pooh-poohed: https://groups.google.com/a/ch...
He just diverts attention from that.
It should start at the certificate authorities. They should've been planning for sha-1 to be unsupported by x date, and not issuing certificates valid past that date.
Certificate authorities' roots also use SHA1 and typically carry validity periods of decades.
True. As mentioned in the article and a linked tweet, Google plans to migrate to SHA-256 by the end of 2015. Why it will take them so long is not stated.
In the meantime, their certificates only last three months. Probably only NSA and GCHQ could forge a cert in that short a time — and they don't need to. (Though I'm sure they would prefer a nice quiet forgery to issuing an order that someone might blow the whistle about.)
Hash is crypto. It's not encryption although with a bit of effort it can be turned into a stream cipher.
Google still REQUIRES RC4 for Youtube.
https://news.ycombinator.com/i...
Who logs in to gdm? Not I, said the duck.
Interesting, didn't know that XP doesn't support SHA-2.
Read the post again: XP sp2 doesn't support SHA-2.
XP with sp3 does - I just tried it with a sha256 certificate.
As certs will have to move to SHA-2 or above, that means the XP users won't be able to connect any more - not an issue as far as I am concerned.
Some of us want to have a website to serve all paying customers, even if they use an old operating system.
Amazon is probably the best example - any browser can shop on Amazon, since long ago Amazon realized that annoying their customers with the latest buzzword ajax "responsive" junk doesn't sell their product.
This clearly does not work though... Quoting Google's Adam Langley:
"Unfortunately, many CAs decided to ignore it, presumably on the assumption that Microsoft would be forced to back down. We've done this dance with MD5 and 1024-bit certificates and we know how it goes.
Here's a quick list of CAs that issued more than 2000 certificates extending into 2017 with SHA-1:
GlobalSign nv-sa: 75,312
GoDaddy: 41,606
GeoTrust: 40,429
Comodo: 37,789
Verisign: 34,927
Terena: 9,444
Thawte: 8,735
Internet2: 8,637
Network Solutions: 8,077
Entrust: 5,542
AlphaSSL: 3,458
We would all have liked CAs to have acted either when the Baseline was updated (2011) or when Microsoft laid down dates (Nov 2013) or when Chrome talked about doing this at the CA/B Forum meeting earlier this year. It is unfortunate that the 2016/2017 dates are being ignored.
If you run a site and want to be insulated from this sort you might want to consider getting one year certificates. CAs like to sell multiple years of course but doing renewal once every three (or more) years means that you have a significant risk of losing the institutional knowledge of how to do it. (E.g. the renewal reminder email goes to someone who left last year and you then have a panic when it expires). Additionally, very long lived certificates are not insulated from these sorts of changes and you may need to replace them during their lifetime anyway."
https://news.ycombinator.com/i...