Google Joins Mozilla, Microsoft In Pushing For Early SHA-1 Crypto Cutoff (blogspot.com)
itwbennett writes: Due to recent research showing that SHA-1 is weaker than previously believed, Mozilla, Microsoft and now Google are all considering bringing the deadline forward by six months to July 1, 2016. Websites like Facebook and those protected by CloudFlare have implemented a SHA-1 fallback mechanism. Both companies have argued that there are millions of people in developing countries that still use browsers and operating systems that do not support SHA-2, the replacement function for SHA-1, and will therefore be cut off from encrypted websites that move to SHA-2 certificates.
Is irrelevant!
SHA-1 has been considered weak for years now. How is that early?
We've been bullied by people telling us they are making changes for our own good for years. You aren't the first, Microsoft wasn't either but they are the most recent example on your scale.
You'll become irrelevant too if you keep pushing shit that people don't like.
You want to promote better security, I'm right there with you.
You want to cut off older technology, using security as an excuse for forced upgrades ... well, you can go fuck yourself.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Good grief, 15 years is a long time in technology. A very very long time. This platform has required workaround upon workaround for over 10 years now.
The die-hards who say it is not obsolete and still great do not see what crippling sacrifices are made just to bring a web page to render. Meanwhile the rest of us have inferior sites and products thanks to these cheapskates.
Time to move on. Maybe these poor Chinese will install Linux if they have very very old hardware? Anything from 2008 and newer can run a more secure and modern system.
http://saveie6.com/
"Both companies have argued that there are millions of people in developing countries that still use browsers and operating systems that do not support SHA-2, the replacement function for SHA-1, and will therefore be cut off from encrypted websites that move to SHA-2 certificates."
that's ok - because they can just throw away perfectly good hardware because the software's out-of-date, discarding the older stuff in the hope that it doesn't end up in landfill but ends up in the developing world just like we do. wait... we're *already* talking about the developing world. so that means there's no fall-back - no incentive for the endless cycle of high-profit-with-bugs-and-security-vulnerabilities-so-you-buy-a-new-one, because there's not enough profit made from the sale of newer hardware in the developing market to justify pursuing it.
i _would_ recommend, at this point, that modular phones would be a good idea... except that if you now look at phonebloks you'll see that there's currently *six* separate and distinct, totally incompatible and entirely *not* open (i.e. not royalty-free, not patent-licensing-free etc.) hardware or open standard modular interoperable mobile phones.
plus, phones are not the only products that are insecure here: what about desktops, laptops and so on? it's not just the proprietary phones and proprietary tablets that will be *unable* to be upgraded because in order to effect an upgrade, it's likely that the entire OS will need to be replaced, it's *all* the computing devices that are hit by this problem.
as techies here on slashdot we understand that software keeps getting more and more complex, and that to recompile just one component (a security library) whilst keeping all the other, older components exactly the same is an extremely time-consuming software engineering task that NO PROPRIETARY HARDWARE VENDOR is going to commit to. in many cases they literally can't, especially the chinese OEMs, because the "O" for "originality" is a total sham in china: they receive binary-only (GPL-violating) distributions from an extremely secretive SoC manufacturer's close handful of partners, along with a Hardware Reference Design... and that's the end of the matter. they don't *HAVE* the source code. they *CAN'T* make the software upgrades even if they had customers willing to pay for the software engineers to do it.
so the only remaining choice, if the software cannot be upgraded, is to upgrade the hardware. and there literally isn't anyone except myself working on modular upgradeable computing appliances like laptops, desktops and so on. i've been looking for years, and i've even approached large companies: they've *actively* stated that they're not interested - the only reason i can think of is that they perceive there isn't enough guaranteed profit in modular computing because a competitor could come along and wipe them out with a faster or better compatible upgrade than they could produce in time. especially a chinese clone manufacturer.
so we're caught between a rock and a hard place, here. the current manufacturing-consumer cycle is highly-optimised for us in the 1st world, and we're effectively sleep-walking as to the consequences for ourselves and the rest of the world (which is just as the manufacturers want it) i outline this in more detail in a white paper i've written (below) - if in reading this you fully understand both the consequences and the nature of the problem and would like to do something about it, do contact me: i have some sponsors already and am open to more.
http://rhombus-tech.net/whitep...
I have a printer that uses outdated crypto sitting on a VLAN only accessible from my internal computers. Because the powers that be have decided that it's insecure, I have to turn off https... I just want to make sure that my recipe has printed from my tablet before hauling my butt from the kitchen to the office.
Show a scary warning or something. But slightly weak crypto is better than pushing people to not use it.
Isn't the option of sticking with SHA-1 essentially the same as saying, let's not use crypto?
Can't it easily be considered worse to developing countries to say "you are safe, because we use crypto", when in truth you mean "you are not safe, because we don't use functional crypto"?
The issue they face is not having access to functional crypto. It is not an issue of vendors taking crypto away. SHA-1 is broken, so it isn't an option for functional crypto, no matter if developing countries have access to it, SHA-2, neither, or both!
Some of the talk about SHA-1 cutoff has been in terms of "Should we break the intertubes for the poor people who can't upgrade?"
Remember; we really don't have that choice. SHA-1 is doing the mathematical equivalent of creaking, groaning, and starting to splinter under load. Our choice is not whether to break SHA-1 or not; it is whether or not to pretend that SHA-1 isn't dangerously precarious.
It's like telling a structural engineer "We can't close that bridge! People need it to cross the river!". That's exactly why we must close the bridge; because if we don't there will be people on it when it falls into the river.
(That said, in environments where security is provided by other means, say a suitably isolated management-only network, there will continue to be a need for browsers that can interact with pitifully outdated SSL implementations for some time to come, probably a disgustingly long time; just as various ancient JVMs are currently kept around to interact with assorted horrible management interfaces, network KVMs, and the like. In practice, since virtualization is so cheap and such legacy systems should be kept the hell away from the internet, we'll probably just end up using an old browser version on a VM that is firewalled from everything except the legacy devices it is used to manage; but there will be places where compatibility will require accepting a known-pitiful authentication mechanism; but such environments should treat that mechanism purely as an archaic quirk, not as any sort of substitute for security.)
Hasn't LibreSSL just removed SHA-0, decades after it got deprecated?
Manufacturers dump stuff on the market and never update it. Therefore poor people who can't afford to completely replace their devices can't use new crypto. Therefore either those people are screwed by being cut off, or the entire world is screwed by broken crypto. Note that this situation damages third parties.
The right answer is for governments to do their job and set some rules in the marketplace. I suggest these:
If you sell something, you are responsible for its software in perpetuity. You will release timely updates at no charge. When you stop releasing updates, even if it's been 50 years and even if the reason is that you're going out of business completely, you will unlock the devices and release full source code, documentation, and any necessary tool chain. You will also waive any IPR you have that might impede somebody else from releasing updates. And no, it is not enough to just let Grandma off in her village compile her own update; you have to let anybody who wants to distribute to her.
That's criminal law. If you don't do those things, those responsible for making that decision will go to prison. AND you will be civilly liable to anybody who's damaged by your failure.
Another possible item: If you own something and connect it to the Internet, you are civilly responsible for due diligence. Those updates the manufacturer provides? If you don't install them, and don't isolate the device properly, and your device gets used to hurt somebody else, you pay all their costs. Your un-updated phone got used to hack Intel? Hope you have liability insurance...
Google's Android toolkit is unsigned, so I find Google's world view uneven at best.
They can issue their own certificates, and downloads of apps are signed, yet the toolkit to make those apps downloads unsigned.
Eclipse warns you about it when you try to install their developer kit in Eclipse, and there's nothing you can do to fix it. Well, you could check the SHA-1 of the installer!
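The check the comment above ends on, as an added example that is not code from the page, from Google or from Eclipse: hash a downloaded installer in chunks (the thread mentions a 1.2 GB file, so the whole thing must never be read into memory) and compare against a published digest in constant time. The sample file contents and digests below are constructed so the script runs offline; the policy of refusing SHA-1 as the sole check is this example's own choice, not something the comment states.

```python
"""Verify a downloaded installer against a published digest (added example)."""
import hashlib
import hmac
import os
import tempfile

CHUNK = 1024 * 1024  # 1 MiB reads: a multi-GB installer never sits in RAM

# Algorithms this check accepts on their own. SHA-1 is deliberately absent:
# a digest match only proves the file equals what the publisher hashed, and a
# weak hash lets a colliding file pass that test.
ACCEPTED = ("sha256", "sha384", "sha512")

# Constructed stand-in for an installer; not a real toolkit.
SAMPLE = b"constructed installer bytes, not a real toolkit\n" * 4096


def file_digest(path, algorithm="sha256"):
    """Return the hex digest of a file, hashing it chunk by chunk."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path, expected_hex, algorithm="sha256"):
    """True only if the file matches `expected_hex` under an accepted algorithm.

    hmac.compare_digest avoids leaking, through timing, how many leading
    characters of a wrong digest happened to match.
    """
    if algorithm.lower() not in ACCEPTED:
        return False
    actual = file_digest(path, algorithm)
    return hmac.compare_digest(actual.lower(), expected_hex.strip().lower())


def make_sample():
    """Write the constructed sample to a temp file; return (path, sha256, sha1)."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    with os.fdopen(fd, "wb") as fh:
        fh.write(SAMPLE)
    return path, hashlib.sha256(SAMPLE).hexdigest(), hashlib.sha1(SAMPLE).hexdigest()


def tampered_copy(path):
    """Return the path of a copy with one appended byte, simulating a swapped file."""
    fd, out = tempfile.mkstemp(suffix=".tampered")
    with os.fdopen(fd, "wb") as dst, open(path, "rb") as src:
        for block in iter(lambda: src.read(CHUNK), b""):
            dst.write(block)
        dst.write(b"\x00")
    return out


if __name__ == "__main__":
    path, sha256_hex, sha1_hex = make_sample()
    bad = tampered_copy(path)
    print("sha256 match:", verify_download(path, sha256_hex))        # True
    print("sha1 only:   ", verify_download(path, sha1_hex, "sha1"))  # False: algorithm rejected
    print("tampered:    ", verify_download(bad, sha256_hex))         # False
    os.remove(path)
    os.remove(bad)
```

The point the thread circles around (HTTPS proves which server you spoke to, a digest proves which bytes you received) is why both checks are kept separate here: `verify_download` says nothing about where the file came from, only whether it is the file the publisher hashed.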
millions of people in developing countries that still use browsers and operating systems that do not support SHA-2
A.K.A: botnets?
Are you still using WEP? You would think people would be more concerned about security with all the hacks every 15 minutes actually getting media attention.
In the States we don't spend until after the collapse. And even then it's only because we need to put the bridge back up.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
https://bugzilla.mozilla.org/s...
Firefox only currently supports DHE with SHA1. Are they going add support for SHA256 DHE when they disable SHA1?
To quote Michael Staruch from the above link: It looked more like attempts to discredit DHE and push everyone into ECC. And I am not so sure if that's the best way to protect our privacy, especially with multiple TLS clients supporting only NSA Suite B curves.
Mozilla, we really need DHE to work with SHA256 and GCM. Sure, fallback to something else (with a second connection, if necessary) if weak dhparams are used by the server.
-=Lothsahn=-
What Mozilla, Microsoft, and Google do is largely irrelevant for adoption of standards. The adoption laggards are government-space IT, and they are still mandating support for 3DES and vendors still offer it to be able to meet procurement requirements. While Google can grandstand all they want, big fed-space vendors like Cisco will be offering SHA1 for decades to come. This means it is, and will be, supported by default by the vast majority of networking infrastructure transporting and managing the vast majority of data traveling through every network out there.
That aside, SHA1 is still part of the mandatory TLS 1.0 ciphersuites; you can't deprecate it and still support TLS 1.0. There are also lots of issues with RSA and non-SHA1 Diffie-Hellman. As such, there are plenty of technical issues that still have to be solved before being able to drop it.
When MS shuts off SHA-1 on July 1st, Windows 10 will still be free.
For one more month. I remember reading that Microsoft announced that the offer to upgrade compatible PCs with a valid Windows 7 or 8.1 license to Windows 10 without charge would be available only for the first year after the release of Windows 10. This year ends on July 29, 2016: "After the first year, upgrades will be paid via boxed product and VL Upgrades."
So weak crypto is worse than sending data in the clear? OK.
I think the rationale is that a false sense of security is worse than a true sense of insecurity.
Because some browser makers aren't smart enough to apply different policies to private internets from those that they apply to the public Internet. There's a reason IE implements the "Intranet zone", and other browser makers could likewise offer an option to be more lenient with addresses in 10/8, 172.16/12, and 192.168/16 prefixes.
SHA-1 is like a bridge marked for 10 tons of weight, but it actually can only carry 5 tons.
SHA-1 is like your 5-ton bridge marked as a 10-ton bridge when the occupied weight of a standard bus is 10 tons. I guess browser makers don't see much application for a 5-ton bridge apart from bicycles.
The notifications pages that come up need improvement to let people know what happened. Just because a certificate doesn't pass doesn't mean
Second, there need to be laws on the books that manufacturers must abide by to sell embedded products.
1. They must offer security updates for all embedded devices for 25 years.
2. They can EOL their product anytime prior by opening the devices to external developers and firmware.
3. Going bankrupt does not negate these responsibilities so each product must have an immediate action plan to comply with #2.
4. Every company must be audited yearly for #3.
The Android Studio download page is signed with a TLS certificate issued to *.google.com with serial number 04:32:D9:AF:F1:79:D0:7E and SHA-256 fingerprint:
It links to a 1.2 GB file, also behind an HTTPS URI. How is HTTPS insufficient to specify the publisher?
I dropped WEP in favor of WPA in June 2014, once GameSpy had shut down. The last pre-WPA device I had that needed WEP was a Nintendo DS, and online games for DS had relied on GameSpy.
I haven't heard anything dramatic in the SHA-1 front for quite some time now. How recent is that research? Years?
Why do none of these companies take the fucking responsible approach and issue a high priority, even out of support stages, to any product that has this issue?
Let's face it, XP is STILL a hugely used OS. Microsoft certainly aren't doing SHIT to change that.
They certainly aren't doing SHIT to deal with ActiveX either.
The same can be said of others dropping support.
Just because you drop support for features doesn't mean you need to stop security updates.
You can certainly drop the frequency and resources used for it, but not completely halt it.
Even making people pay a little for these EOL products (which they do now), but instead they make people pay a shitload of money despite THEIR SITUATION BEING COMPLETELY UNCHANGED in the company.
CloudFlare have another pragmatic proposal - require CAs to randomize the certificate serial numbers instead of using predictable sequential numbers. Note that this precaution would have made even MD5 certificates safe against current known attacks.
https://blog.cloudflare.com/why-its-harder-to-forge-a-sha-1-certificate-than-it-is-to-find-a-sha-1-collision/
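The serial-number proposal above, worked through as an added example; this is not CloudFlare's code nor any CA's. It shows two things a defender would actually want: how a CA can mint serials that are positive, fit within the 20-octet limit RFC 5280 places on the field, and carry at least 64 bits of CSPRNG output (the floor the CA/Browser Forum Baseline Requirements set), and an audit check that flags a CA whose issued serials form the predictable sequence the proposal warns against. The serial lists at the bottom are constructed, not taken from any real CA; the threshold of 0.5 for calling a list sequential is this example's assumption.

```python
"""Random X.509 serial numbers: generation and an audit check (added example)."""
import secrets

MIN_ENTROPY_BITS = 64        # CA/B Forum Baseline Requirements minimum
MAX_SERIAL_OCTETS = 20       # RFC 5280 section 4.1.2.2: serial encodes in <= 20 octets
# A positive DER INTEGER of bit_length b needs ceil((b + 1) / 8) octets, so the
# largest usable bit_length is 159; with the marker bit below that caps entropy at 158.
MAX_ENTROPY_BITS = 8 * MAX_SERIAL_OCTETS - 2


def der_octets(value):
    """Octets DER needs for a positive INTEGER of this value (sign bit included)."""
    return (value.bit_length() + 8) // 8


def new_serial(entropy_bits=MIN_ENTROPY_BITS):
    """Return a serial with `entropy_bits` of CSPRNG output.

    A fixed bit is set just above the random bits, so the serial is always
    positive and nonzero and its length is predictable (entropy_bits + 1 bits);
    everything below that bit comes from secrets.randbits.
    """
    if not MIN_ENTROPY_BITS <= entropy_bits <= MAX_ENTROPY_BITS:
        raise ValueError("entropy_bits must be within %d..%d" % (MIN_ENTROPY_BITS, MAX_ENTROPY_BITS))
    return (1 << entropy_bits) | secrets.randbits(entropy_bits)


def audit_serials(serials, small_step=1 << 32, threshold=0.5):
    """Audit a CA's issued serials, given in issuance order.

    Structural findings: non-positive, fewer than 64 bits, or too long for DER.
    sequential_score: fraction of consecutive pairs whose difference is below
    `small_step`. For independent 64-bit random serials that is about 2**-31;
    for a counter, even one that starts high enough to pass the bit check, it is 1.0.
    """
    findings = []
    for i, s in enumerate(serials):
        if s <= 0:
            findings.append((i, "non-positive"))
        elif s.bit_length() < MIN_ENTROPY_BITS:
            findings.append((i, "fewer than 64 bits"))
        elif der_octets(s) > MAX_SERIAL_OCTETS:
            findings.append((i, "exceeds 20 octets"))
    pairs = list(zip(serials, serials[1:]))
    small = sum(1 for a, b in pairs if abs(b - a) < small_step)
    score = small / len(pairs) if pairs else 0.0
    return {"findings": findings, "sequential_score": score, "sequential": score > threshold}


# Constructed samples: a plain counter, a counter that starts above 2**64 (so every
# serial passes the length check but the pattern is still predictable), and random ones.
SEQUENTIAL_SAMPLE = [0x1000 + i for i in range(20)]
HIGH_COUNTER_SAMPLE = [(1 << 64) + i for i in range(20)]
RANDOM_SAMPLE = [new_serial() for _ in range(20)]

if __name__ == "__main__":
    for name, sample in (("counter", SEQUENTIAL_SAMPLE),
                         ("high counter", HIGH_COUNTER_SAMPLE),
                         ("random", RANDOM_SAMPLE)):
        report = audit_serials(sample)
        print("%-12s sequential=%s score=%.2f findings=%d"
              % (name, report["sequential"], report["sequential_score"], len(report["findings"])))
```

The audit deliberately separates the per-serial length check from the sequence check: a counter that starts at 2**64 passes the first and is caught only by the second, which is the case a one-off "is it 64 bits wide?" review would miss.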
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
If the server was compromised for example, you'd get right place, wrong file.
The same would be true if the build server was compromised.
In addition, for developers not quite as big as Google, one TLS certificate to obtain and keep renewed every year is cheaper in both time and CA fees than one TLS certificate for the website every year and one code signing certificate per platform per year. Or is there a counterpart to StartSSL or Let's Encrypt for code signing yet?