Facebook has put developers on notice that as of Oct. 1, apps that do not support SHA-2 will no longer connect to its network.
With Tuesday’s announcement, the tech giant has fallen in line alongside Google, Mozilla and Microsoft in deprecating the SHA-1 and older hash algorithms.
“These changes are part of a broader shift in how browsers and web sites encrypt traffic to protect the contents of online communications,” said Facebook production engineer Adam Gross in making the announcement.
Word has spread that SHA-1 should be phased out of new applications and existing implementations for some time. Given the dropping costs of processing power, especially with cloud-based services available from Amazon and others, experts have predicted that a practical collision attack against SHA-1 would be possible by 2018.
Collisions occur when an attacker is able to generate a certificate with the same signature as the original cert. Though mathematically possible, a collision attack, even against a weakened SHA-1, would take significant hardware resources in order to execute.
“A collision attack is therefore well within the range of what an organized crime syndicate can practically budget by 2018, and a university research project by 2021,” said Jesse Walker, coauthor along with Bruce Schneier of Skein, a finalist in a NIST-sponsored SHA-3 contest. Walker estimated costs, based on Amazon rates, would be about $173,000 by 2018 and could dip to $43,000 by 2021.
Facebook said it plans to update its servers to stop accepting SHA-1 three months before a sunset date of Jan. 1, 2016 established in baseline requirements published by the CA/Browser Forum.
“We recommend that developers check their applications, SDKs, or devices that connect to Facebook to ensure they support the SHA-2 standard. If your app already supports this standard, then no action is necessary,” Gross said. “But if your app relies on SHA-1 based certificate verification, then people may encounter broken experiences in your app if you fail to update it.”
Microsoft began steering developers away from SHA-1 in late 2013 when it set a January 2016 deadline that SHA-1 would no longer be allowed for code-signing and certificates. Last October, it made SHA-2 available for Windows 7 and Windows Server 2008 R2, bringing those older versions of Windows in line with Windows 8 and Windows Server 2012 and 2012 R2.
Google was next to phase out SHA-1 starting with Chrome 40. Google said that websites with certificate chains including SHA-1 which extend beyond Jan. 1, 2017, will be marked with a blank white sheet, the current visual display for “neutral, lacking security.” Chrome 41 will treat such sites as “affirmatively insecure,” a state indicated by a padlock with a red X on top of it and a red strike through the text that says HTTPS.
Mozilla moved beyond SHA-1 last September when it asked Certificate Authorities and websites to upgrade certificates to SHA-256, SHA-384 or SHA-512, all exponentially stronger mathematically than SHA-1, and announcing that SHA-1 should not be trusted after Jan. 1, 2017. It urged CAs to no longer issue new SHA-1 certs and asked them to migrate customers off SHA-1 intermediate and end-entity certificates. Any SHA-1 certs issued for compatibility’s sake, Mozilla said, should expire before Jan. 1, 2017.
