Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why Google Is Pushing For a Web Free of SHA-1

Posted by Soulskill on from the collision-course dept.

An anonymous reader writes: Google recently announced Chrome will be gradually phasing out support for certificates using SHA-1 encryption. They said, "We need to ensure that by the time an attack against SHA-1 is demonstrated publicly, the web has already moved away from it." Developer Eric Mill has written up a post explaining why SHA-1 is dangerously weak, and why moving browsers away from acceptance of SHA-1 is a lengthy, but important process. Both Microsoft and Mozilla have deprecation plans in place, but Google's taking the additional step of showing the user that it's not secure. "This is a gutsy move by Google, and represents substantial risk. One major reason why it's been so hard for browsers to move away from signature algorithms is that when browsers tell a user an important site is broken, the user believes the browser is broken and switches browsers. Google seems to be betting that Chrome is trusted enough for its security and liked enough by its users that they can withstand the first mover disadvantage. Opera has also backed Google's plan. The Safari team is watching developments and hasn't announced anything."

8 of 108 comments (clear)

  1. SHA-1 by turkeydance · · Score: 5, Funny

    has hit the fan

  2. Deprecation shouldn't start at the browser by Anonymous Coward · · Score: 4, Insightful

    It should start at the certificate authorities. They should've been planning for sha-1 to be unsupported by x date, and not issuing certificates valid past that date.

    1. Re:Deprecation shouldn't start at the browser by nleven · · Score: 4, Insightful

      My understanding is CAs have limited interest in this matter. The product they are selling to website owners is really that green lock in the address bar. As long as that green lock icon is there, SHA1 or SHA256 won't make any difference. In this sense, deprecation should actually start at the browser.

    2. Re:Deprecation shouldn't start at the browser by Nick_Lowe712 · · Score: 4, Informative

      This clearly does not work though... Quoting Google's Adam Langley: "Unfortunately, many CAs decided to ignore it, presumably on the assumption that Microsoft would be forced to back down. We've done this dance with MD5 and 1024-bit certificates and we know how it goes. Here's a quick list of CAs that issued more than 2000 certificates extending into 2017 with SHA-1: GlobalSign nv-sa: 75,312 GoDaddy: 41,606 GeoTrust: 40,429 Comodo: 37,789 Verisign: 34,927 Terena: 9,444 Thawte: 8,735 Internet2: 8,637 Network Solutions: 8,077 Entrust: 5,542 AlphaSSL: 3,458 We would all have liked CAs to have acted either when the Baseline was updated (2011) or when Microsoft laid down dates (Nov 2013) or when Chrome talked about doing this at the CA/B Forum meeting earlier this year. It is unfortunate that that 2016/2017 dates are being ignored. If you run a site and want to be insulated from this sort you might want to consider getting one year certificates. CAs like to sell multiple years of course but doing renewal once every three (or more) years means that you have a significant risk of loosing the institutional knowledge of how to do it. (E.g. the renewal remainder email goes to someone who left last year and you then have a panic when it expires). Additionally, very long lived certificates are not insulated from from these sorts of changes and you may need to replace them during their lifetime anyway." https://news.ycombinator.com/i...

  3. First movers nothing. by Anonymous Coward · · Score: 5, Interesting

    First movers nothing. Firefox 32 just released, and it deprecated a bunch of certs without any real warning at all, causing some users to get mad (http://blog.mozilla.org/security/2014/09/08/phasing-out-certificates-with-1024-bit-rsa-keys/). Google waited for Mozilla to take the risk while planning to safely tell the user that the site is running outdated SHA-1 certs. Stop trying to paint them as heroes, they're just one of the players, and not even at the forefront of the effort.

  4. SHA-3 by Anonymous Coward · · Score: 5, Insightful

    Wouldn't now be the time to push toward a transition to SHA-3, rather than SHA-2? I realize SHA-2 implementations are much more common. But 1) SHA-2 was handed down from the NSA and 2) is in the same family as MD5 and SHA-1.

    Considering 1) the recent NSA scandals, 2) that SHA-3 was independently developed and won a public competition, and 2) that SHA-3 uses a newer family of one-hash algorithms which is provably more secure than SHA-2, it would seem prudent to use momentum to move to SHA-3 sooner rather than later.

  5. Uhh yeah by Lirodon · · Score: 4, Informative

    Implying only Google is doing this. Microsoft is doing it too, and a Firefox bug has made a similar proposal shortly after said announcement. https://bugzilla.mozilla.org/s...

  6. https://www.google.com using SHA-1 by WaffleMonster · · Score: 5, Interesting

    Amazing www.google.com and every single link in its trust chain is using SHA-1 signature algorithm.