Wondering why Google wants to kill SHA-1.?
Been meaning to write in great depth about SHA-1 , what it is, and why we don’t want it anymore, but hey someone’s already done it very very well here– in fact he’s even written a live web checker.
So I’m just going to summarize the core of this issue
- Any web site that is HTTPS, when connected to ,will present a certificate to the browser claiming to be authentic, secure and real.
- The certificate has been issued to the website by a regulatory body called a Certificate Authority (Examples – Verisign, Comodo)
- The certificate has two parts – key for encrypted connection and SHA-1 hash to ensure that the website you have connected really is the website it claims to be. For e.g. when you go to https://www.facebook.com , the facebook certificate has been signed with a private key that only the CA knows, and the browser will maintain an encrypted connection throughout the session.
- But the browser will only show you a green lock if it can verify that the website really is what it claims to be. For this firstly the CA signs the certificate and runs it through an algorithm which in most cases is SHA-1 . This is where the problem lies.
- One-way hash algorithms like SHA-1 are designed to produce unique, irreversible so that the browser can identify the authenticity of the site
- When your browser sees a certificate, it can calculate the SHA-1 for that certificate’s information itself, and then compare it to the signed SHA-1 that the certificate offered as proof. Because SHA-1 promises unique information, the browser trusts that if they match, the certificate on offer is the same one the Certificate Authority signed.
- If you could engineer a certificate that “collides” with a target certificate, and coax a Certificate Authority to issue you that certificate, then you would successfully forge a certificate that a browser would find indistinguishable from the target.
- In 2005, cryptographers proved that SHA-1 could be cracked 2,000 times faster than predicted. It would still be hard and expensive — but since computers always get faster and cheaper, it was time for the internet to stop using SHA-1.
- Then the internet just kept using SHA-1. In 2012, Jesse Walker wrote an estimate, reprinted by Bruce Schneier, of the cost to forge a SHA-1 certificate. The estimate uses Amazon Web Services pricing and Moore’s Law as a baseline.Walker’s estimate suggested then that a SHA-1 collision would cost $2M in 2012, $700K in 2015, $173K in 2018, and $43K in 2021. Based on these numbers, Schneier suggested that an “organized crime syndicate” would be able to forge a certificate in 2018, and that a university could do it in 2021.Walker’s estimates and Schneier’s characterization have become widely cited in the planning and debate over transitioning from SHA-1. A group of leading Certificate Authorities, the CA Security Council, cited them recently to complain about Google’s schedule. In that complaint, the CAs use those estimates to suggest “the lack of a practical attack until 2018”.
So there you go, you don’t need more proof do you? , Go ahead, change to SHA-2 today
Courtesy – https://konklone.com/post/why-google-is-hurrying-the-web-to-kill-sha-1 – Eric Mills site