Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

SHA-what? A new warning in Chrome shames outdated security

Glenn Fleishman | June 2, 2015
Chrome users recently started seeing a warning or an error about outdated encryption used by websites for secure connections.

Digital certificates are used by web and other servers and software to allow secure sessions in which one party can be validated by so-called certificate authorities (CAs). Chrome's warning and error will also occur if any of the certificates that are used to validate the web server's certificate rely on outdated methods, because the weakest link in that chain can be broken.

These certificates are cryptographically "signed": the data that comprises them is fed into a hashing algorithm that performs a series of complicated operations to produce a unique, short sequence of numbers called a hash. The idea with a hash is that very similar inputs--two certificates with a single letter varying in the name of the domain, say--produce dramatically different hashes. Further, those hashes cannot be predicted by examining the text fed into the algorithm.

The upshot? You can be sure a piece of plaintext or data you receive hasn't been tampered with by running it through the same hashing algorithm to confirm the same hash results. The certificate authority's role is to sign the hash cryptographically, which can be verified in an operating system or browser against encryption information already stored for a given CA.

However, given enough time, all algorithms can be cracked with brute force or the use of cleverer mathematics. The MD5 algorithm was widely used for years until (and, unfortunately, well past when) it became clear it was possible to create a collision, in which a document could be modified to produce an identical hash to a trusted one, and thus the CA's digital signature would also appear valid. This allows a replacement MD5-signed certificate to be accepted as legitimate without gaining access to the secret materials used to create the original.

The SHA1 algorithm replaced MD5, but it, too, has been long teetering on the edge of computational advances that would allow the same sort of exploitation. Governments almost certainly can do so now in some cases; criminals maybe, too.

In 2011 (yes, 2011) leading browser makers and CAs agreed that SHA1's time had passed. And yet CAs continued to issue certificates signed with SHA1, because infrastructure has to be modified and catch up. The US's agency for standards, NIST, put 2014 as the last year that SHA1 should be considered acceptable, and yet here we are in 2015.

In most cases, generating a new certificate signed by the perfectly acceptable replacement SHA2 is a minor matter, and costs nothing but time and an infinitesimal amount of computing. (SHA2 comprises options for hashes of different bit lengths, and 256, 384, and 512 bits are recommended, with longer being better.)

But CAs have been laggards, because they don't necessarily make any money from migrating their customers to SHA2, although some charge for swapping out SHA1 for SHA2 certificates as if they were being "reissued." It costs CAs money to revise their processes and handle tech support if they stopped allowing SHA1 certificates at all, but it's necessary and critical, and mostly a set of one-time fixed costs.


Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.