In as little as three short months, the SHA-1 internet security standard, used for digital signatures and set to be phased out by January 2017, could be broken by motivated hackers, a team of international researchers found, prompting security specialists to call for a ramping up of the migration to SHA-2.
“We just successfully broke the full inner layer of SHA-1,” Marc Stevens of Centrum Wiskunde & Informatica in the Netherlands, one of the cryptanalysts who tested the standard, said in a release. Stevens noted that the cost of exploiting SHA-1 has dropped enough to make it affordable to everyday hackers. The researchers explained that in 2012 computer security and privacy specialist Bruce Schneier predicted that the cost of a SHA-1 attack would drop to $700,000 in 2015 and would decrease to an affordable $173,000 or so in 2018.
But the prices fell, and the opportunity rose, more quickly than predicted. “We now think that the state-of-the-art attack on full SHA-1 as described in 2013 may cost around 100,000 dollar renting graphics cards in the cloud,” said Stevens.
Dr. Yehuda Lindell, chief scientist and co-founder of Dyadic, believes a full break of SHA-1 is just on the horizon. “I am convinced that large organizations (or governments) have already found collisions in SHA-1,” Lindell said in a statement emailed to SCMagazine.com. “Attacks have been known for many years, but they are too costly for academic groups to carry out. Thus, no publicly published collision has been found. However, this does not mean that those with more means have not found them.”
Noting for quite some time that SHA-1 no longer offers an acceptable level of security, Google made it clear last year that it would compel users to update their security certificates, moving from SHA-1 to the more secure SHA-2 crypto hash over the next two to three years. And Microsoft, too, had said in 2013 it would start withdrawing its support from SHA-1 on January 1, 2016, with the transition complete by January 1, 2017.
Still, Google's late August 2014 announcement that it would try to accelerate the migration to the more secure SHA-2 by having Chrome 39 treat some sites as untrusted, with notifications beginning to appear when users accessed those sites, took advocates by surprise and prompted some pushback. Experts said at the time that potentially hundreds of thousands of web operators may not be able to comply in the proposed time frame and that users would find the notifications both confusing and alarming.
But this latest research, which shows how eminently—and cheaply—SHA-1 could be exploited, underscored the importance of migrating to SHA-2 as quickly as possible.
“We urge the industry to consider shifting this deadline up and enterprises should not wait any longer to migrate to SHA-2,” Kevin Bocek, vice president of security strategy & threat intelligence at Venafi, said in a statement emailed to SCMagazine.com. “We also recommend that IT security teams find these SHA-1 certificates immediately, automate the changing of them and report on their progress way before this deadline approaches - procrastinating on this is just a disaster waiting to happen.”
Bocek stressed that “using the SHA-1 hashing algorithm is simply no longer acceptable” and called it “pretty much irresponsible since its weaknesses are so widely known.” The security pro added, “The fact that one in three SSL certificates still uses SHA-1 to secure major websites is mind blowing” and contended that “it's also sending a clear message to lurking cybercriminals that says 'feel free to mount more web attacks on us because we're too lazy to upgrade to SHA-2.'”
Lindell concurred that a switch to SHA-2 should be fast-tracked, but expressed dismay that the migration probably wouldn't come soon enough. “There is no doubt that SHA-1 must be replaced immediately,” he said, explaining that “industry is typically much too slow to make these changes, and so I expect that it will only happen after concrete attacks and damage have been inflicted.”