Slashdot Mirror


The SHA-1 End Times Have Arrived (threatpost.com)

"Deadlines imposed by browser makers deprecating support for the weakened SHA-1 hashing algorithm have arrived," writes Slashdot reader msm1267. "And while many websites and organizations have progressed in their migrations toward SHA-2 and other safer hashing algorithms, pain points and potential headaches still remain." Threatpost reports: Starting on Jan. 24, Mozilla's Firefox browser will be the first major browser to display a warning to its users who run into a site that doesn't support TLS certificates signed by the SHA-2 hashing algorithm... "SHA-1 deprecation in the context of the browser has been an unmitigated success. But it's just the tip of the SHA-2 migration iceberg. Most people are not seeing the whole problem," said Kevin Bocek, VP of security strategy and threat intelligence for Venafi. "SHA-1 isn't just a problem to solve by February, there are thousands more private certificates that will also need migrating"...

Experts warn the move to SHA-2 comes with a wide range of side effects; from unsupported applications, new hardware headaches tied to misconfigured equipment and cases of crippled credit card processing gear unable to communicate with backend servers. They say the entire process has been confusing and unwieldy to businesses dependent on a growing number of digital certificates used for not only their websites, but data centers, cloud services, and mobile apps... According to Venafi's research team, 35 percent of the IPv4 websites it analyzed in November are still using insecure SHA-1 certificates. However, when researchers scanned Alexa's top 1 million most popular websites for SHA-2 compliance it found only 536 sites were not compliant.
The article describes how major tech companies are handling the move to SHA-2 compliance -- including Apple, Google, Microsoft, Facebook, Salesforce and Cloudflare.

50 comments

  1. Congratulations by NotInHere · · Score: 1

    You've got to move, but you can't move when you are a small browser vendor, or a hardware vendor. It's the big browser vendors who have enough leverage to convince people to switch to SHA-2.

    1. Re:Congratulations by Gravis+Zero · · Score: 2

      $ echo "The world's smallest violin playing just for you." | shasum
      1fbba1dd67c59513b4b6040b4036d6dd47e3858e -

      --
      Anons need not reply. Questions end with a question mark.
    2. Re:Congratulations by KiloByte · · Score: 1

      Firefox isn't a "small browser", it's the only browser for most architectures. Chromium is Windows (not XP!)/Mac/Linux-glibc only, exclusively for amd64/i386 -- ARM is only for Android.

      Also, Chromium is spyware that phones home even in "Incognito mode", going over any extensions (so uBlock+uMatrix are of no help). It contacts www.google-analytics.com so it's not just an update check or something benign.

      So even on amd64, Firefox is the only real option.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    3. Re:Congratulations by NotInHere · · Score: 1

      Firefox isn't a "small browser", it's the only browser for most architectures.

      I meant my statement differently. Firefox does count as a major browser for me (there are five currently: Safari, Internet Explorer, Edge, Chrome, Firefox). Just for example, if Opera did this, no website operator would care.

    4. Re:Congratulations by ls671 · · Score: 1

      Here's the real checksum for the string:

      $ echo -n "The world's smallest violin playing just for you." | shasum
      1ec19fdbc2ad777c7a441264bf2db365290c4d15 -

      --
      Everything I write is lies, read between the lines.
    5. Re:Congratulations by jopsen · · Score: 1

      Nobody is forcing hardware vendors to move... Websites can still offer SHA-1, but many probably won't due to the security implications.

    6. Re:Congratulations by Anonymous Coward · · Score: 0

      You are correct. Strangely, on Windows machines it is difficult to avoid the \CR \LF trailing the text. Even the echo command doesn't have the feature to remove the trailing 0x0D 0x0A. But it's still possible with copy con, like so:

      copy con sha1_me.txt
      The world's smallest violin playing just for you.
      ^Z
      1 file(s) copied.

      openssl dgst -sha1 < sha1_me.txt
      (stdin)= 1ec19fdbc2ad777c7a441264bf2db365290c4d15

      Assuming you have downloaded an openssl binary for Windows.
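      The two checksums posted in this thread differ because `echo` appends a newline while `echo -n` does not, and a Windows text file adds a CRLF instead. The script below is an added example, not code from any of the posters: it hashes the thread's string in all three forms and provides a check that tells whether a file holds the bare bytes. It assumes `sha1sum` (coreutils) or `shasum` (Perl) is installed.

```shell
#!/bin/sh
# Added example, not code from the thread: hash the same string three ways to
# show why the checksums posted above differ. `echo` appends "\n", so the bytes
# being hashed are not the bare string; `copy con` on Windows ends the line
# with "\r\n", a third distinct input. The string is the one from the thread.
MSG="The world's smallest violin playing just for you."

# Read stdin and print only the hex digest; prefer coreutils sha1sum, fall
# back to the Perl shasum that macOS/BSD ship.
sha1_hex() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum | cut -d' ' -f1
    else
        shasum -a 1 | cut -d' ' -f1
    fi
}

sha1_bare() { printf '%s'     "$1" | sha1_hex; }   # exact bytes (echo -n)
sha1_lf()   { printf '%s\n'   "$1" | sha1_hex; }   # Unix echo: trailing LF
sha1_crlf() { printf '%s\r\n' "$1" | sha1_hex; }   # Windows text file: CRLF

# Does a file hash to the bare-string digest? Succeeds only when the file
# contains exactly the message bytes with no line terminator at all.
file_matches_bare() {
    [ "$(sha1_hex < "$1")" = "$(sha1_bare "$2")" ]
}

# Print all three digests side by side; every one is different.
printf 'bare : %s\nLF   : %s\nCRLF : %s\n' \
    "$(sha1_bare "$MSG")" "$(sha1_lf "$MSG")" "$(sha1_crlf "$MSG")"
```

      The practical point for verifying published checksums: hash the file, not a shell-echoed copy of its contents, and when a published digest does not match, check line endings before assuming tampering.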

    7. Re:Congratulations by Anonymous Coward · · Score: 0

      Be a man and use a real operating system, like FreeBSD.

  2. Oh Noes!!!!111!! by Anonymous Coward · · Score: 0

    It's like Y2K all over again!

    The end is nigh!

    /fud

  3. We need a browser for luddites. by Anonymous Coward · · Score: 0

    That supports insecure features like SHA-1 and Flash players, unlike appy browsers that have app walled-garden features.

  4. Symptom of a larger problem by Billly+Gates · · Score: 4, Insightful

    We geeks and IT professionals who visit this website do not need convincing. Who here loves outdated, insecure, crappy software? OK, there are some who use XP still who do not like change, but they are in the minority.

    The problem is that there is no value placed on IT in business infrastructure or processes. We all experienced it some time in our career. We are outsourced, not invited to meetings that we would be in dealing with IT, dictated to, forced to learn COBOL, Java, IE 6 stuff, and to keep unpatched systems secure somehow.

    SHA-1 is not going anywhere where I work. IE 6 is too ingrained and our customers use it. So we use insecure IE 6 + insecure Server 2003 to process our HIPAA and credit card data, where we are fired if a security breach takes place. SHA-1 is required for the glue to hold most of our customer systems in place.

    We are never invited to the meetings for these requirements. We are a cost. We are told "I promised the client it will be done in 48 HOURS!!" My company is the same as the last one, where we outsource everything to the cheapest bidder for the work. At least the employer presently does not go to that extreme where they promise a client a month's worth of work must be done in 72 hours.

    Anyway, our MBAs do not know what a SHA-1 is. They do not care, as IT is plumbing. As long as no water is leaked, never replace the pipes. The problem is, if we dictate to the customer "NO, USE SHA-2 and update your mission-critical $1.5 million app" they will give us the finger and go to a competitor.

    Until IT is respected like it was back in the 1990s as part of the business process team to help the organization perform its functions, SHA-1 will be like Java/COBOL and never be updated no matter how many geeks whine.

    If Java 8 stops SHA-1 or MD5 signing then we will use an insecure version. HR will fire me if I break their apps, so what choice do I have?

    1. Re:Symptom of a larger problem by Anonymous Coward · · Score: 3, Insightful

      Go work for a less crappy company.

    2. Re:Symptom of a larger problem by Gravis+Zero · · Score: 1

      The problem is that there is no value placed on IT in business infrastructure or processes

      Actually, the problem is that there are no direct penalties for criminal negligence within a corporation.

      HR will fire me if I break their apps so what choice do I have?

      Go work for a company with more respect for IT. If you can't find one, found one!

      --
      Anons need not reply. Questions end with a question mark.
    3. Re:Symptom of a larger problem by Anonymous Coward · · Score: 0

      And that would be? There are plenty of companies out there. Not all are hiring. If they are, they want to underpay or play buzzword bingo just for them to even look at you.

    4. Re:Symptom of a larger problem by Pentium100 · · Score: 4, Insightful

      As long as no water is leaked never replace the pipes.

      Tell them that SHA-1 is the same as a lead pipe and IE6 is the same as a radium pipe. They may not leak, but it also may not be very healthy to drink the water that has been through them.

      However, some of the requirements are not reasonable. I agree that IE6 is really bad, but in some cases it may be running on a device that costs a lot to replace.

      Is SHA-1 weak? Yes. But in some cases it may still be good enough. AFAIK, SHA-1 is weak against collision attacks (creating two messages with the same hash), but strong enough against regular attacks (create a message that produces a specified hash). So, if I use SHA-1 for authenticating VPN packets (quite a few devices do not support SHA-2), it should be good enough, since the attacker would need to change the encrypted packet such that it 1) matches the MAC and 2) is decrypted into something useful for the attacker.

      Hey, even cracking a salted MD5 hash (to get the password) is still quite difficult.

      This is different to the attack of me producing two contracts with different text and the same hash and then having you sign one of them, but later claiming that you signed the other.

      Security and convenience (and cost) are opposite of each other. Because of this, you have to find a reasonable level of security.

    5. Re:Symptom of a larger problem by Anonymous Coward · · Score: 0

      Tell them that SHA-1 is the same as a lead pipe and IE6 is the same as a radium pipe.

      Radium reacts with water violently.

    6. Re: Symptom of a larger problem by Anonymous Coward · · Score: 0

      Then play buzzword bingo. Stop being a whiny bitch.

    7. Re:Symptom of a larger problem by thegarbz · · Score: 2

      Tell them that SHA-1 is the same as a lead pipe and IE6 is the same as a radium pipe.

      Not going to work. Lead pipes are what made those MBA the men they are today.

    8. Re: Symptom of a larger problem by Anonymous Coward · · Score: 0

      So it sounds like an apt analogy for IE6.

    9. Re:Symptom of a larger problem by Anonymous Coward · · Score: 1

      so what choice do I have?

      1) You are treating MBA / HR / management / (insert another layer here) as an ignorant part of your work chain. You need to make them your allies and partner with them. Easier said than done, I realize - however - it also indicates that you do not speak their language. Hint - build up a business case describing the outcome in terms of risk. Put together a high-level cost-benefit analysis of doing nothing vs. doing it right - this isn't as hard as it sounds, believe it or not. HIPAA data costs ~$200 per record compromised (http://www.hipaajournal.com/calculating-the-cost-of-a-hipaa-data-breach-6534/) - go from there, factoring in operating costs. Get them to sign off on acknowledging the risk and analysis. It's amazing how many times that will cover yourself when (not if but when) ___ hits the fan.

      2) Go work for a company that treats IT as strategic - not as a cost center. I can promise you there are plenty of them out there and when you interview with the companies you need to ask explicitly about this topic.

      3) Get more mentoring in the workplace to understand "non-geek" topics. It's amazing how much you can learn from others just by sitting down once a week for lunch with somebody who has a different job role / different experiences within the company.

      Added note - I have an MBA and CompSci degree. I still work in a technical role by choice but understand how/why the business functions the way they do. I also do a fair bit of mentoring in the workplace. If you worked for my company - I'd be glad to sit down with you and chat - but I don't believe you do. Best of luck to you.

    10. Re:Symptom of a larger problem by Anonymous Coward · · Score: 0

      Having an MBA is not a positive endorsement.

    11. Re: Symptom of a larger problem by Anonymous Coward · · Score: 0

      Alan Cox stopped kernel hacking for a while to get his MBA.

    12. Re:Symptom of a larger problem by Cramer · · Score: 1

      This is exactly the "sky is falling" bullshit around hashes. ALL HASHES HAVE COLLISIONS. (e.g. one cannot uniquely represent more than 128 bits with a 128-bit value.) I have yet to see anyone offer proof of CREATING a collision, much less a method to modify a message without altering the hash -- at all; a meaningful modification is so remote as to be "impossible".

      (I've only seen one "lab" example for MD5, where a file contains two documents and a block of padding such that altering a pointer controls which document is live and the padding allows correcting the hash. Such bullshit does not exist in the real world. And it took the researchers months to build that example.)

  5. Slashdot has malicious ads by Anonymous Coward · · Score: 0

    Fix your site, yo.

    1. Re: Slashdot has malicious ads by Anonymous Coward · · Score: 0

      *CO2 injected*

  6. Okay by Anonymous Coward · · Score: 0, Funny

    ..now fix the memory leak Mozilla! No reason ten tabs should use 2 gigs of memory after a day of running.

    1. Re: Okay by Anonymous Coward · · Score: 1

      The other browsers are just as bad. I have found Chromium to be even worse about sucking up RAM like crazy. It's not uncommon for the browser to be using 50-75% of my 32GB of RAM. They all suck!

    2. Re:Okay by Anonymous Coward · · Score: 0

      They *have* fixed it for the people who actually cared to report the problem to them, and followed through on figuring out what the issue actually was. If you haven't done so, then live with your choice (and "memory leak"). Nobody gives a shit if you just complain about it on Slashdot, giving no info and just chiding someone for not magically being able to reproduce your problem. Hell, the vast majority of people running into these issues these days are running into problems not with Firefox, but with bad drivers, addons, antivirus software, malware, or websites that just love to chew up RAM. Yet the few ACs who bother to figure this out suspiciously never apologize for pointing fingers at the wrong people.

  7. Why not move to SHA-3, if we're moving anyway? by Anonymous Coward · · Score: 0

    Does anyone know?

    1. Re:Why not move to SHA-3, if we're moving anyway? by F.Ultra · · Score: 1

      Because SHA-3 was not meant to be a replacement for SHA-2. The reason for SHA-3 was to implement a hash that has a completely different design from that of SHA-1 and SHA-2, so that if we ever see a problem with SHA-2 then it can be replaced by SHA-3 immediately. So SHA-3 is a backup.

    2. Re:Why not move to SHA-3, if we're moving anyway? by ls671 · · Score: 3, Funny

      Nobody should ever need more than SHA-640 anyway.

      --
      Everything I write is lies, read between the lines.
    3. Re: Why not move to SHA-3, if we're moving anyway? by Anonymous Coward · · Score: 0

      :)

    4. Re:Why not move to SHA-3, if we're moving anyway? by Anonymous Coward · · Score: 0

      SHA3 is meant to be faster than SHA2 and easier to implement in hardware. I would say that's a great reason for SHA3 to supersede SHA2, but it does need many more years of testing. SHA2 will be around for a while unless there is a horrible break.

    5. Re:Why not move to SHA-3, if we're moving anyway? by Anonymous Coward · · Score: 0

      Why would it need many more years of testing? It's already been tested thoroughly and accepted as a standard.

    6. Re:Why not move to SHA-3, if we're moving anyway? by F.Ultra · · Score: 1

      While SHA-3 might be faster than SHA-2, something that is imho unknown, it was not one of the criteria when the competition for SHA-3 began. http://csrc.nist.gov/groups/ST...

    7. Re:Why not move to SHA-3, if we're moving anyway? by Anonymous Coward · · Score: 0

      While it wasn't an official criterion, the SHA3 winner was chosen over the other finalists because it is faster and easier to implement in hardware. While the other finalists were cryptographically better and faster than SHA2, the winner was faster yet. NIST was quite set on speed and hardware efficiency. With newer uses like credit cards with extremely limited power and transistor budgets, these criteria are very important.

    8. Re:Why not move to SHA-3, if we're moving anyway? by F.Ultra · · Score: 1

      Looks like it's faster in hardware currently which makes sense for credit-cards and other low power systems. Judging from the benchmarks done it looks like Skein was the fastest however (but this of course benched with software and not hardware). https://bench.cr.yp.to/results...

  8. What about intermediate certs signed with SHA-1? by Anonymous Coward · · Score: 0

    Thawte says they'll continue to work, but the Chrome page here:

    https://security.googleblog.com/2015/12/an-update-on-sha-1-certificates-in.html

    "contain an intermediate or leaf certificate signed with a SHA-1-based signature"

    makes it sound like they're going to be blocked. Anyone know for sure? I have hundreds of them.

  9. I must have accidentally done something right by caseih · · Score: 4, Funny

    Just checked some of my certificates that I use on my own server and domain. They are all signed by my own personal CA. Looks like they are signed with SHA-512, which is part of the SHA-2 family. Been that way for 5 years, maybe 10 now. Guess I accidentally did something right when I created those certs years ago.

    1. Re:I must have accidentally done something right by ls671 · · Score: 1

      I just checked my 18 year old self-signed certificate, maybe time to upgrade:
      Signature algorithm:
      PKCS #1 MD5 With RSA Encryption

      --
      Everything I write is lies, read between the lines.
    2. Re:I must have accidentally done something right by thegarbz · · Score: 1

      There are a lot of good guides to proper end-to-end security, and plenty of systems that will check it for you.
      https://www.ssllabs.com/

      You won't get an A+ rating using your own personal CA, but it can expose a whole lot of other problems beyond simply the choice of certificate, and quite frankly if you follow any idiot's guide to OpenSSL on the internet these days you'll generate a pretty secure certificate.
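      Checking what a certificate was signed with is something you can do locally before (or instead of) pasting a hostname into an online scanner, and it answers both the "is my personal CA's cert SHA-2?" question above and the earlier thread's question about which intermediates in a bundle still carry SHA-1 signatures. The script below is an added example, not code from any poster or from SSL Labs: it reads the signature algorithm with the `openssl` CLI, flags MD5/SHA-1, and walks every certificate in a PEM chain file. The `make_self_signed` fixture, the file names and the `example.test` subject are assumptions used only to demonstrate the check.

```shell
#!/bin/sh
# Added example, not from the thread: report the signature algorithm of a PEM
# certificate and flag MD5- or SHA-1-signed ones, then apply the check to every
# certificate in a chain file (leaf plus intermediates). Uses only the openssl
# CLI; file names below are illustrative.

# Print the signature algorithm name of one PEM certificate, e.g.
# "sha256WithRSAEncryption", "sha1WithRSAEncryption" or "ecdsa-with-SHA256".
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text 2>/dev/null \
        | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Succeed (exit 0) when the certificate is signed with MD5 or SHA-1
# (matches both "sha1WithRSAEncryption" and "ecdsa-with-SHA1").
is_weak_sig() {
    cert_sig_alg "$1" | grep -qiE 'md5|sha1'
}

# Split a PEM bundle into one file per certificate, print a status line for
# each, and return the number of weakly signed certificates found.
scan_bundle() {
    bundle=$1; weak=0
    workdir=$(mktemp -d)
    awk -v dir="$workdir" '/-----BEGIN CERTIFICATE-----/ {n++}
                           n > 0 {print > (dir "/cert" n ".pem")}' "$bundle"
    for f in "$workdir"/cert*.pem; do
        [ -f "$f" ] || continue
        openssl x509 -in "$f" -noout 2>/dev/null || continue   # skip unparsable
        subj=$(openssl x509 -in "$f" -noout -subject 2>/dev/null)
        if is_weak_sig "$f"; then weak=$((weak + 1)); status=WEAK; else status=ok; fi
        printf '%-4s %-24s %s\n' "$status" "$(cert_sig_alg "$f")" "$subj"
    done
    rm -rf "$workdir"
    return "$weak"
}

# Test fixture (assumption, not part of any real deployment): a throwaway
# self-signed certificate. $1 = output file, $2 = digest (sha1 or sha256).
# The private key is written to a temp file and deleted at once.
make_self_signed() {
    key=$(mktemp)
    if openssl req -x509 -newkey rsa:2048 -nodes -keyout "$key" -out "$1" \
            -days 1 -subj "/CN=example.test" "-$2" >/dev/null 2>&1; then
        rc=0
    else
        rc=$?
    fi
    rm -f "$key"
    return "$rc"
}

# Usage against a leaf+intermediates bundle a CA handed you:
#   scan_bundle fullchain.pem; echo "weak certificates: $?"
```

      Only the leaf and intermediates matter for the browser deprecation; a SHA-1 self-signature on a root in your trust store is not verified cryptographically, so the scan's WEAK lines on root certificates can be ignored.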

  10. Testing old Windows by sl149q · · Score: 1

    It becomes an interesting problem if you need to install an old XP, Vista or Windows 7 from the original ISOs (e.g. to diagnose a customer problem). If you do need to update them or do anything from them you are out of luck, because they don't know about anything other than SHA-1. You have to bring everything in via http or USB key.

    1. Re:Testing old Windows by F.Ultra · · Score: 1

      Or use Firefox on them, since Firefox uses its own crypto library and not the Windows-supplied one. Still leaves you with the problem of Windows Updates, but all packages are signed there; don't know how they sign them, though, if they use SHA-1 there as well or if they do something else.

    2. Re:Testing old Windows by jopsen · · Score: 1

      Nothing is preventing websites from offering both sha1 and sha2.

    3. Re:Testing old Windows by ruir · · Score: 1

      Well, I migrated all of our sites to SHA-2 two years ago... This topic is not new.

    4. Re:Testing old Windows by Anonymous Coward · · Score: 0

      I don't do much with web sites, but from what I understand and can google, you can only have one cert per domain. You can have more than one cert per IP address, but use SNI to figure out which domain you're attempting to access.

  11. Affects Truecrypt? by jwhyche · · Score: 0

    I have a few offline hard drives that I have encrypted with truecrypt. I have noticed that one of the options for hash values is SHA-512. Does this in any way affect truecrypt?

    Yes, I know it is no longer supported and I should switch.

    --
    I read at +2. If your post doesn't reach that level I will not see or respond to it.
    1. Re:Affects Truecrypt? by TheRealMindChild · · Score: 1

      SHA is a hashing algorithm, not an encryption algorithm. SHA in this instance probably refers to the PKCS#5 password-based key derivation function.

      --

      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
    2. Re:Affects Truecrypt? by Anonymous Coward · · Score: 0

      A hashing algorithm chosen for TrueCrypt will be based on making it slow to brute-force to find the password. SHA in the case of certs is chosen to be fast but difficult to forge. In the case of TrueCrypt, the hash is not known to the attacker; in the case of a cert, the hash is public information. Different usages.

  12. Yeah, bit me good by rickb928 · · Score: 1

    Our legacy software we hoped would support SHA-256, which one of our processing platforms moved to 2 weeks ago. Nope, despite lukewarm assurances, it did not. Frantic migrations. Many upset users.

    Over a 12+ year old app that has survived conversion from dialup to HTTPS to FTPS, moved through several processor changes, and finally the death begins. I expect other platforms to migrate off SHA-1/SHA-2 and kill this old beast dead.

    A little more warning would be nice, but heh, we still would have had to leave it behind.

    --
    deleting the extra space after periods so i can stay relevant, yeah.