Security Sidebar: Google Leads The Way On Sunsetting SHA-1

SHA-1 (or Secure Hash Algorithm) is a cryptographic algorithm that was developed by the National Security Agency in the 1990s and is widely used in popular cryptographic protocols like Secure Sockets Layer (SSL) and Transport Layer Security (TLS).  These protocols are designed to provide secure communications over the Internet.

The SHA-1 algorithm is commonly used by Certificate Authorities (CA) as a part of the overall Public Key Infrastructure (PKI).  While the intent of this article is not meant to fully explain PKI, it is important to note that many CAs utilize the SHA-1 algorithm to digitally sign certificates for secure websites.  These CA-issued certificates are critical for users who want to maintain a level of trust and security when accessing those secure websites.

If a user visits a secure website (https) and the digital certificate is not valid, it could mean that a bad guy is attempting to steal your information.  Your Internet browser (Internet Explorer, Firefox, Chrome, Safari, etc) will notice that the certificate is bad and it will alert you to the fact that you are about to engage in some non-secure communications.  Each browser presents this information in a slightly different way, but they all give you an alert nonetheless.  The screenshot below shows an example of Google Chrome attempting to access a secure website that has an invalid certificate.

 

On September 5, 2014, Google announced that their popular Chrome browser will sunset the SHA-1 algorithm.  They claim that SHA-1 has been a weak digital signature algorithm for at least 9 years.  One of the primary reasons for this weakness is the ease of collision attacks against SHA-1, thus prompting Google to declare it no longer safe for public consumption.

Google is not alone in their current fear and loathing of SHA-1...most other browsers have stated their intention to deprecate SHA-1 as well.  While everyone agrees that SHA-1 needs to be replaced, not everyone agrees on the process or timeline to do so.  Starting in November 2014 (as in, like, next month), Google will methodically sunset the SHA-1 algorithm starting with Chrome version 39.  Websites using HTTPS whose certificate chains use SHA-1 and are valid past January 1, 2017 will no longer appear to be fully trusted in Chrome.

Google Chrome has several different icon indicators in the address bar that display the overall trust factor of a given certificate chain for the website you are accessing.  The first is a lock with a yellow triangle over it.  This indicates a certificate chain that is "secure, but with minor errors."  The next is a blank page icon.  This indicates a certificate chain that is "neutral, lacking security."  The last is a lock with a red X and a red strike-through text treatment in the URL scheme.  This indicates a certificate chain that is "affirmatively insecure."  Check out the above screenshot again...notice that it falls in the category of "affirmatively insecure" based on the red X and the red strike-through text in the URL.

So, how does all this fit together?  Well, Google has announced that it will start displaying these various icons on websites that use the SHA-1 algorithm.  The following table shows the details of the SHA-1 certificate expiration date and the related Chrome icon display in the address bar.

 

 

Today, SHA-1 is used in over 98% of certificates issued worldwide.  Likewise, Google Chrome accounts for 38% of all Internet browsers used today (as of August 2014...see the chart below).

 

 

When you combine the fact that Google Chrome accounts for almost 40% of all Internet browsers and SHA-1 is used in over 98% of all certificates worldwide, you can see why so many CAs are scrambling right now to re-issue new certificates in very short order.

As you update/validate the certificates in your organization, you will need to verify that legacy applications will support the new algorithm.  Also, if you have external hosted applications, you may need to issue new certificates so that users don't get those crazy browser warnings.

This SHA-1 situation is just another reminder of the ever-changing technical world we live in.  It's important to know what's out there, and it's important to stay as much ahead of it as possible.

 

Published Oct 01, 2014
Version 1.0
  • In my LTM (11.2.1) there is the option of RSA and DSA. Is DSA been proven to be stronger or as strong as SHA-1?
  • I would choose RSA. The DSA (Digital Signature Algorithm) can utilize SHA-1 as its cryptographic hash function, but it doesn't have to. For more info on the SSL cipher suites supported by each version of BIG-IP, check out this link: https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13163.html Hope this helps! John