Slashdot Mirror

← Back to Stories (view on slashdot.org)

SHA-1 Cutoff Could Block Millions of Users From Encrypted Websites (csoonline.com)

Posted by Soulskill on from the privacy-versus-convenience dept.

itwbennett writes: As previously reported on Slashdot, browser makers are considering an accelerated retirement of the older and increasingly vulnerable SHA-1 function. But Facebook and CloudFlare are warning some 37 million users of old browsers and operating systems that don't support SHA-2 will be left without access to encrypted websites. The majority of them are located in some of the "poorest, most repressive, and most war-torn countries in the world," CloudFlare's CEO Matthew Prince said Wednesday in a blog post. Facebook has solved this problem by building a mechanism that allows its certificates to be switched automatically based on the browser used by the visitor.

10 of 146 comments (clear)

  1. Think of all the Oracle users? by mveloso · · Score: 4, Funny

    Some of the older Oracle products only support SHA-1. Upgrading to a newer version or Oracle will cost them millions. Won't someone think of the Oracle user base?

  2. Facebook -- ??? by plover · · Score: 3, Insightful

    So let me see if I understand Facebook's approach here: there are non-secure certificates. Facebook will fix the problem by downgrade connections to use non-secure certificates. Bad guys would never pretend to need a non-secure certificate. Therefore, Facebook remains safe?

    --
    John
    1. Re:Facebook -- ??? by Errol+backfiring · · Score: 3, Interesting

      My first thought was a kind of "degrading man in the middle" attack. Alter the requests so that non-secure certificates are negotiated, then tune in to the less secure communication while the browsers show that the connection is secure. You'd still need a lot of computing power to crack the SHA-1 encrypted stream, but for criminals, either government or otherwise, that is not a huge problem.

      --
      Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
    2. Re:Facebook -- ??? by Anonymous Coward · · Score: 4, Insightful

      Nope.

      Here's how this spins out.

      If you got a nice shiny new SHA-2-only browser, and you go to the real Facebook, it has a SHA-2 cert and everything works, and you're safe
      If you got a crappy browser that can't handle SHA-2, and you go to the real Facebook, it shows a SHA-1 cert, which you trust, you are at risk, but only because you've got a crappy browser. Hate the risk? Get a newer browser
      If you got a nice shiny new SHA-2-only browser and a bad guy pretends to be Facebook, sends the SHA-1 cert, your browser says "Ugh, insecure, No" and you're safe and the bad guy wasted their time
      If you got a crappy browser that can't handle SHA-2 and a bad guy pretends to be Facebook, they might _if they spent a lot of money / resources_ fake you out. So you should have got a nice shiny new browser.

  3. Slashdot will remain accessible by Ksevio · · Score: 5, Insightful

    Fortunately, slashdot will remain accessible as it still hasn't entered the 2010's and added encryption yet!

  4. Re:Pretty sure... by Locke2005 · · Score: 3, Interesting

    Problem for PCs is not browser availability or cost, problem is that for some people downloading a GByte of data to install a new browser is not feasible. Also, browsers are in everything now, including smartphones, smart TVs, and Nintendo DS, so you're stuck with what the hardware vendor supplies you. (Don't get me started on my Smart TV not showing videos because most hosts support video using Adobe Flash only, and Adobe refuses to license flash to most hardware manufacturers. HTML5 has been a standard for how many years now?)

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
  5. Re:Free Oracle upgrades available everywhere by mveloso · · Score: 3, Interesting

    Porting from Oracle to Postgres is free too, if you want everything to break.

  6. Re:Good by tepples · · Score: 3, Insightful

    Can't upgrade because reasons? Go cry to whomever is creating that problem for you

    Such crying would fall on deaf ears, as mobile device manufacturers routinely announced end of support not only for handsets that are still under 2-year financing but also for handsets that are still being sold in stores. And when "whomever" amounts to the "poorest, most repressive, and most war-torn countries in the world," as the article mentions, what recourse does one have?

  7. They can't do this reliably by madbrain · · Score: 3, Interesting

    The problem with that is that there is no actual way to detect that an old browser doesn't support SHA-2.
    For example, older versions of Firefox/NSS since 2003 have supported SHA-2 server certificates, but not SHA-2 in TLS cipher suites as the MAC algorithm, which wasn't specified until years later.

    The TLS ClientHello message does not specify which types of hash algorithm the client supports for certificates, only the list of cipher suites that the client supports.

    Thus, Facebook, or anyone else, has no way of determining if a client really doesn't support SHA-2 server certificates.

    What they are probably doing is assuming that clients that don't support SHA-2 MAC in TLS cipher suites . But that's a wrong assumption. Many older clients will be downgraded to SHA-1 server certificates as a result, even though they support SHA-2 certificates. And they will have no way of knowing that this happened.

    --
    -- Julien Pierre http://www.madbrain.com/blog
    1. Re:They can't do this reliably by edtice1559 · · Score: 3, Informative

      Rather than guess what they are probably doing, the source code is here. https://github.com/facebook/wa... But you were pretty close. You're right that *some* browsers that *could* get an SHA2 certificate will get the SHA1 version. An improvement would be to present the SHA2 certificate if you're sure that the browser can accept it. Otherwise show the SHA1 certificate. Put a warning page up when presenting the SHA1 certificate suggesting that people upgrade browsers. For those that have older browsers that want the SHA2 certificate but are getting an SHA1, offer an alternative like sha2.facebook.com. I imagine that this is a very small set of users. And as has been mentioned already, certificate pinning is your friend.