First published in 1995, SHA-1 is one of the cryptographic hash algorithms used to verify the certificates used by websites to prove that they are who they say they are. But it has a problem today: The assumptions made long ago as to its mathematical resistance to attacks have been overcome by cheaper, faster computing power. Now, a SHA-1 certificate just does not provide the security it was once thought to.

SHA-1 Certificate Issues

A hash function is supposed to be collision-resistant: different inputs should never produce the same output. However, recent research shows a collision attack on SHA-1 that can produce the same output for two differing inputs. Because a certificate signature is computed over the hash rather than over the certificate itself, an attacker who finds such a collision could forge a signature and spoof a browser. That’s not good for software downloads, banking transactions or any other Web process that needs to know — via the certificate mechanism — to whom it is talking.

This problem has been obvious, if not acute, for a while. The National Institute of Standards and Technology (NIST) banned use of SHA-1 for new certificate signature generation after the end of December 2013 and strongly pushed the newer SHA-2, which has double the hash length (256 bits compared to 128). By May 2015, there were more SHA-2 certificates in use than legacy SHA-1 certs. But many certificates still use SHA-1, and some of them are issued for a validity period extending beyond the beginning of 2017.

That date matters because browser manufacturers have provisionally decided to stop accepting SHA-1 certs as valid after January 2017. But given the new information on how much simpler cracking SHA-1 is than was previously thought, they may have to move sooner than that. Mozilla announced in late October that it was trying to advance the cutoff date to July 2016. Microsoft is also considering stopping the trust of SHA-1 signed certs as of June 2016.
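The practical question for a site operator is whether any certificate they serve is still SHA-1 signed and, if so, whether it is valid past the cutoff the vendors announced. The following checker is an added example, not code from the article or from any of the vendors named in it. It uses only the Python standard library: a minimal DER walker pulls the signatureAlgorithm OID and the notAfter date out of an X.509 certificate and reports whether the cert is SHA-1 signed and whether its lifetime crosses January 2017 (the date from the article). The OIDs in the tables are the standard sha1/sha256 RSA and ECDSA signature OIDs; the two sample certificates are constructed in code for the demonstration and are not real CA-issued certificates (they carry no valid signature).

```python
"""Audit X.509 certificates for SHA-1 signatures and post-cutoff validity.

Added example, not from the original article. Standard library only; the
sample certificates are constructed below and are not real certificates.
"""
import datetime

UTC = datetime.timezone.utc

# DER-encoded signature-algorithm OIDs that depend on SHA-1.
SHA1_SIG_OIDS = {
    bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",  # 1.2.840.113549.1.1.5
    bytes.fromhex("2a8648ce3d0401"): "ecdsa-with-SHA1",            # 1.2.840.10045.4.1
}
# DER-encoded signature-algorithm OIDs from the SHA-2 family.
SHA2_SIG_OIDS = {
    bytes.fromhex("2a864886f70d01010b"): "sha256WithRSAEncryption",  # 1.2.840.113549.1.1.11
    bytes.fromhex("2a8648ce3d040302"): "ecdsa-with-SHA256",          # 1.2.840.10045.4.3.2
}

# Browser vendors' provisional date for rejecting SHA-1 certificates (from the article).
CUTOFF = datetime.datetime(2017, 1, 1, tzinfo=UTC)


def read_tlv(buf, pos):
    """Decode one DER tag-length-value starting at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def children(value):
    """Split the body of a constructed element into its child (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out


def parse_time(tag, val):
    """Decode UTCTime (0x17, YYMMDDHHMMSSZ) or GeneralizedTime (0x18, YYYYMMDDHHMMSSZ)."""
    text = val.decode("ascii")
    if tag == 0x17:  # RFC 5280: two-digit year >= 50 means 19YY, otherwise 20YY
        yy = int(text[:2])
        text = str(1900 + yy if yy >= 50 else 2000 + yy) + text[2:]
    return datetime.datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=UTC)


def inspect_certificate(der):
    """Return the signature algorithm, notAfter, and SHA-1 / cutoff flags for a DER cert."""
    _, cert, _ = read_tlv(der, 0)               # Certificate ::= SEQUENCE { tbs, sigAlg, sig }
    (_, tbs), (_, sig_alg), _ = children(cert)
    fields = children(tbs)
    if fields[0][0] == 0xA0:                    # optional [0] EXPLICIT version
        fields = fields[1:]
    # fields: serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo, ...
    not_after = parse_time(*children(fields[3][1])[1])
    oid = children(sig_alg)[0][1]               # AlgorithmIdentifier ::= SEQUENCE { OID, params }
    name = SHA1_SIG_OIDS.get(oid) or SHA2_SIG_OIDS.get(oid) or "unknown:" + oid.hex()
    return {
        "algorithm": name,
        "not_after": not_after,
        "sha1": oid in SHA1_SIG_OIDS,
        "past_cutoff": not_after >= CUTOFF,
    }


def tlv(tag, body):
    """DER-encode one element (handles short and long length forms)."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    ln = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body


def build_sample_cert(sig_oid, not_after_utctime):
    """Construct a minimal, unsigned demo certificate (not a real CA-issued cert)."""
    alg = tlv(0x30, tlv(0x06, sig_oid) + tlv(0x05, b""))
    validity = tlv(0x30, tlv(0x17, b"150101000000Z") + tlv(0x17, not_after_utctime))
    empty_name = tlv(0x30, b"")                 # issuer/subject left empty for the demo
    rsa_oid = bytes.fromhex("2a864886f70d010101")
    spki = tlv(0x30, tlv(0x30, tlv(0x06, rsa_oid) + tlv(0x05, b"")) + tlv(0x03, b"\x00"))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
              + alg + empty_name + validity + empty_name + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))  # placeholder signature BIT STRING


def verdict(der):
    """One-line operational verdict for a certificate."""
    info = inspect_certificate(der)
    if info["sha1"] and info["past_cutoff"]:
        return "SHA-1 signed and valid past cutoff: reissue with SHA-2 now"
    if info["sha1"]:
        return "SHA-1 signed: replace with SHA-2 before it expires"
    return "SHA-2 signed: no action needed"


if __name__ == "__main__":
    # Constructed samples: a SHA-1 cert expiring end of 2017 and a SHA-256 cert.
    for oid in (bytes.fromhex("2a864886f70d010105"), bytes.fromhex("2a864886f70d01010b")):
        print(verdict(build_sample_cert(oid, b"171231235959Z")))
```

To run this against a live server, fetch the PEM with `ssl.get_server_certificate((host, 443))`, convert it with `ssl.PEM_cert_to_DER_cert()` and pass the bytes to `inspect_certificate`. Note that the check covers only the leaf; intermediates in the chain need the same check, and the walker is deliberately minimal (no DER validation beyond what it needs), so it is an audit aid, not a replacement for a real X.509 parser.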

Why Is There a Problem?

Internet services company Netcraft said there are over 1 million SHA-1 certs still being used. There may be a very simple reason for this situation: Users in less developed countries do not have the software or hardware to process SHA-2 certificates. Windows XP SP2 and earlier, as well as Android 2.2 and earlier, can’t handle SHA-2.

While these operating systems are no longer distributed, they remain in wide use. This means that as many as 70 million users could be locked out of a site that switches to SHA-2.

Mozilla already ran into this problem: The company reckons that it killed 1 million downloads by switching to a SHA-2 cert on its site. As the organization put it, “A lot of the world is still running old browsers.” It had to reissue a SHA-1 certificate that expires at the end of 2015 as a temporary solution.

Dealing with legacy software is never easy or simple, and resolving this situation will be neither. But ensuring that the majority of Web users have a working privacy system is too important an issue not to pursue with vigor.
