Incident Response, Malware, TDR, Vulnerability Management

Mozilla may reject SHA-1 certificates six months early

Mozilla stepped up pressure on enterprise companies that continue to use SHA-1 certificates after research last month that demonstrated the algorithm could be broken in as little as three months.

In a blog post, ‎Firefox security lead Richard Barnes said Mozilla is considering plans to reject all SHA-1 certificates ahead of schedule, potentially as early as July 1, 2016.

Last month, Mozilla said it would issue advisories on sites that use SHA-1 certificates issued after January 1, 2016. This was before the latest research was announced.

NIST has repeatedly provided guidance encouraging enterprises to transition to SHA-2 because SHA-1 was considered to be unsecure. In July 2012, NIST offered guidance suggesting that SHA-1 certificates should not be used after 2014.

Mozilla's announcement built on an ongoing dispute between web browsers and enterprise companies. In August 2014, Google said it would encourage the migration to SHA-2 by issuing alerts to treat sites that use SHA-1 as “untrusted.” In 2013 Microsoft also said it would complete the transition to SHA-2 by January 1, 2017.

Despite these warnings, many enterprise companies have been slow to transition from SHA-1. For instance, GoDaddy has “basically” transitioned from its use of SHA-1 encryption, according to Wayne Thayer, general manager of security products at GoDaddy. Thayer told SCMagazine.com GoDaddy replaces legacy SHA-1 certificate at their natural expiration cycle, but does not replace certificates ahead of schedule. He did not disclose how many GoDaddy certificates are legacy SHA-1 certificates.

In addition, the web hosting company continues to sell SHA-1 certificates and even promises to eliminate SHA-1 security warnings during installation.

In speaking with SCMagazine.com, researchers compared companies' reluctance to migrate from SHA-1 to the reaction when vulnerabilities were discovered in MD5. After years of warnings that MD5 was exploitable, the algorithm was only abandoned after it was discovered that an MD5 collision was used to launch the Flame espionage malware.

The latest research estimates that a collision attack could be achieved for a little as $75,000. Kevin Bocek, vice president of security strategy at Venafi, said, “For a nation state, whether the U.S., China, Russia, that is pennies.”

Steve Pate, chief architect at HyTrust, said certificates are “a relatively simple problem” for organizations to solve. Considering the risks of a delayed migration from SHA-1, he said, “It is not very difficult to make that transition.”

But Venafi's Bocek said a lot of companies will act very quickly “when that first exploit comes out.”

“This is a matter of risk management, and it is bad risk management,” Yehuda Lindell, chief scientist at Dyadic, told SCMagazine.com. “In the end, we will all pay the price because of it,” he added.

UPDATE: Wayne Thayer provided additional information via email. He said 88% of GoDaddy's public facing certificates are SHA-2 encrypted certificates, based on a validated sample.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.