Twitter has announced its stance on SHA-1 migration. In a blog post published Tuesday evening, Twitter's trust and information security officer Michael Coates announced support for a “certification switching” proposal offered by Facebook and web security firm CloudFare.
The announcement comes as Microsoft, Mozilla, and Google's browsers are set to stop supporting any SHA-1 certificates issued after next Friday.
The dispute, in which browser companies have been pitted against certificate authorities and enterprise clients, grew lively this year after researchers discovered that it was cheaper and easier to launch a collision attack against the hashing algorithm than previously believed.
The Facebook-CloudFare-Twitter “certification switching” proposal appears to be a last-ditch effort to patch together a system – albeit insecure – that would allow individuals to maintain their connectivity.
In a Facebook post by CSO Alex Stamos noted that millions of web users will lose access to secure Internet usage after December 31. “A disproportionate number of those people reside in developing countries, and the likely outcome in those counties will be a serious backslide in the deployment of HTTPS by governments, companies and NGOs that wish to reach their target populations,” Stamos wrote.
Kevin Bocek, vice president of security strategy at Venafi, told SCMagazine.com, that he disagrees with Stamos' assessment that emerging economies will experience a secure connectivity backslide. “That population does exist, but you can turn that statistic and use it to your advantage.” he said. “Everyone is moving towards encryption.”
“We propose a new Legacy Verified (LV) certificate,” wrote CloudFlare CEO/co-founder Matthew Prince in a blog post. “These certificates would allow legacy signature protocols, such as SHA-1, and only be issued to organizations that can confirm they properly only issue certs based on modern protocols to modern browsers while falling back for legacy browsers.”
Ramon Peypoch, chief product officer at ProtectWise, told SCMagazine he finds the lack of will to create an affordable and technical solution for users with low-grade devices to be “disappointing.” He said there could be a concerted effort on the part of browsers and certificate authorities to help users experience the Internet. “You probably want to do that in a way other than wherein you effectively become cannon fodder for DDoS attacks, malware, and exploits,” he said.
Wayne Thayer, general manager of security products at GoDaddy, said he understands the opposition to certificate agencies whose enterprise clients have not yet fully migrated to valid SHA2 certificates. “As long as CAs still issue SHA1 certificates, it's difficult to ensure proper entropy in their certificates to mitigate the risk of a collision attack,” he said.
Peypoch, at ProtectWise, said SHA1 is easily exploitable. “You don't need to be a highly-sophisticated state-sponsored hacker,” he said. “These are run-of-the-mill, commodity hacks.”