Businesses Using Millions of insecure SHA-1 Certificates

Experts at Netcraft discovered that nearly a million SSL SHA-1 certificates were signed with the potentially vulnerable SHA-1 hashing algorithm.

Businesses Using Millions of Flawed Certificates, the news is shocking and refers the adoption of SHA-1 certificates, despite the algorithm is considered no more secure.

Many big businesses, including firms like Deloitte, are still using SHA-1 certificates, despite the fact that SHA-1 is known to be ineffective.

According to experts at Netcraft,  the number of SHA-1 certificates issued this year is 120,000, but most worrying is that nearly a million of surveyed SSL certificates October SSL were signed with a process relying on the SHA-1.

“Nearly a million SSL certificates found in Netcraft’s October SSL Survey were signed with the potentially vulnerable SHA-1 hashing algorithm, and some certificate authorities are continuing to issue more. Google Chrome already regards these certificates as insecure, resulting in more warning signals than if the sites had been served over a completely unencrypted HTTP connection.” states Netcraft.

A recent research dubbed SHAppening aimed to demonstrate how to cause a full SHA-1 collision within 49-78 days by using a 512-GPU cluster.

Do you think that is not easy to have this computational capability?

Wrong, an attacker can rent the equivalent processing capability on Amazon’s EC2 cloud computing service, an operation that would cost only $75,000 to $120,000. The demonstration provided by Netcraft is alarming and it reinforces to accelerate the migration that is estimated to be completed by 2017.

“Renting the equivalent processing time on Amazon’s EC2 cloud computing service would cost only $75k-$120k, which is an order of magnitude less than earlier estimates. The researchers point out that this represents an important alarm signal, and that the industry’s plans to move away from SHA-1 by 2017 might not be fast enough.” states  Netcraft.

What does it mean for end-users?

A group of well-funded attackers, let’s think about state-sponsored hackers or an international cyber crime ring, could impersonate an SSL site that uses a trusted SHA-1 certificate.

Another dangerous scenario could be observed when browsers still accepting SHA-1 signatures, in this case even after the adoption of SHA-2 certificates the SSL sites remain at risk. If the attackers are able to compromise an intermediate CA certificate signed with SHA-1, they could generate valid certificates for any domains.

“Some certificate authorities were hit by an unexpected pitfall after migrating to SHA-2, after failing to use new names for their SHA-2 signed intermediate certificates. SSLMate, an SSL certificate vendor, published two examples of how Google Chrome could erroneously suggest that a site was affirmatively insecure for serving a SHA-1 certificate, even when the full certificate chain actually used the SHA-2 hashing algorithm. This undesirable behaviour was caused by caching in the cryptographic libraries used by Chrome (CryptoAPI on Windows, and NSS on Linux).”

It is time to migrate to SHA-2 and SHA-3, the unique hash algorithms approved by the National Institute of Standards and Technology (NIST) for the generation of digital signatures, but beware because only SHA-256, SHA-384 and SHA-512 algorithms are allowed by the CA/Browser Forum’s Baseline Requirements of publicly-trusted certificates.

As I have already written, Microsoft announced in 2013, its intention to force the use of the SHA2 algorithm in code signing and SSL certificates from 2014. In September 2014 Google and Mozilla announced that their browsers would stop accepting SHA1-based certificates after January 1, 2017.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – SHA-1 Certificates, digital signature)