Google has announced its timeline for deprecating SHA-1 certificates, despite concerns expressed recently that sunsetting the broken encryption hashing algorithm will disconnect millions from the Internet.

SHA-1’s demise has been accelerated in recent months since researchers published a paper explaining that practical collision attacks could be months, instead of years, away.

Google, on Friday, announced that starting with Chrome 48 in early January, users will see error messages displayed if the browser encounters a site signed with a SHA-1 certificate issued on or after Jan. 1, 2016, 11 days from today. By Jan. 1, 2017, or possibly even as early as July 1, 2016, SHA-1 will be blocked altogether in Chrome. Microsoft has already announced it will start blocking SHA-1-signed certs in June 2016.

At this point, sites that have a SHA-1-based signature as part of the certificate chain (not including the self-signature on the root certificate) will trigger a fatal network error,” Google said in its announcement. “This includes certificate chains that end in a local trust anchor as well as those that end at a public CA.”

Microsoft and Mozilla are on similar timelines for ending support for SHA-1, and urge site operators to support SHA-2, drop support for non-RC4 cipher suites, and implement TLS.

In the meantime, Facebook and CloudFlare recently made public pleas to reexamine the path forward on SHA-1. Facebook chief security officer Alex Stamos shared data that shows that up to 7 percent of browsers in use do not support SHA-256, for example, and that tens of millions will be cut off from the Internet as of next Friday.

“A disproportionate number of those people reside in developing countries, and the likely outcome in those counties will be a serious backslide in the deployment of HTTPS by governments, companies and NGOs that wish to reach their target populations,” Stamos wrote.

CloudFlare CEO Matthew Prince, meanwhile, made his case by pointing out that unlike when MD5 was put out to pasture and SHA-1 support was widespread, the same cannot be said for SHA-2, which is also not supported on older mobile devices.

“In a Silicon Valley tech company, where most employees get a new laptop every year and having a 5-year-old phone is unheard of, this may not seem like a problem. But the Internet is used by billions of people around the world and most of them don’t have the latest technology,” Prince said. “To understand the impact, we spent the last few weeks testing browser connections to CloudFlare’s network for SHA-2 support. We see approximately 1 trillion page views for more than 2.2 billion unique visitors every month, which gives us a pretty representative sample of global traffic.”

Prince said approximately 37 million could be cut off from the Internet by the SHA-1 deprecation. Stamos, meanwhile, proposed that the CA/Browser Forum create a new Legacy Verified certificate that would issued to organizations that have made SHA-256 certs available to moder browsers.

“Such verification can be automated or manual, and appropriate measures can be put in place to reduce the risk of a collision attack. Those protections could include requiring LV applicants to have already passed OV or EV verification, as well as technical best practices such as serial number randomization,” Stamos wrote. “If this change cannot be implemented by December 31st, then we call on the CA/B Forum to delay the implementation of the SHA-1 rules for the period necessary to establish standards for Legacy certificates.”

The rush began in earnest in October when an academic paper demonstrated with some measure of practicality that tweaks to existing attacks and advances in the analysis of SHA-1 drastically reduce the cost and time to generate a collision attack against SHA-1, dropping the cost down to between $75,000 and $100,000 USD and trimming down the time to between 49 and 78 days, both well within reach of resourced nation-state attackers and higher end cybercrime outfits.

“This is not an easy issue, and there are well-meaning people with good intentions who will disagree,” Stamos said. “We hope that we can find a way forward that promotes the strongest encryption technologies without leaving behind those who are unable to afford the latest and greatest devices.”

Categories: Cryptography

Comments (7)

  1. brian M
    1

    You do have to wonder at the level of arrogance and stupidity at Google!

    If sites want to use less secure encryption or even no encryption at all, that should be their decision and that of their customers. Let the market dictate!

  2. bem
    2

    This is the market dictating. Google is not a government agency forcing their will, they are simply making changes to their software to not connect to known insecure sebsites.

    Web sites may continue to do as they please, but google isn’t compelled to accept their certificates in the browsers it maintains.

    • Brian M
      3

      But Google is very large business with a large slice of the Browser market and yes they are not a government agency but probably have more power and influence than one!

  3. Eric D
    4

    It really wouldn’t matter what google does anyway. Lots of companies have to abide by compliance regulations anyway so it would come down the pipelines eventually for most companies. Most customers do not know what it means to be unsafe or safe other than when they see a big red alert somewhere in their browser. It’s actually up to the companies to make sure that they ensure consumer safety not to mention this is all stemmed from the investors anyway worrying about their money when company XYZ is in the news for being hacked.

    • Brian M
      5

      True, but sometimes you don’t need heavy security just enough security! Lets face it its not insecure client/sever websites that’s the problem its computer hacking, scamming or employees that are the cause of most major customer data losses!

  4. Dan
    6

    I’m somewhat concerned about how this will affect me at work. Specifically, how this could prevent access to normal sites that customers are used to for those who primarily use Chrome (and who knows, will this eventually include Android devices?) – which will then cause customers to believe that we as a service provider are at fault. The first thing that comes to mind is to tell them “don’t use Chrome” which is not an answer I want to give. Not looking forward to this at all.

  5. agalb
    7

    Meanwhile… While you all debate over the millions that won’t be able to use the internet… I’ll use the next 78 says to be breaking into those ‘encrypted’ conversation…
    Point being… Lose internet, is not worse than loosing everything, because you do not understand that it only takes 90 days to fabricate a digital cert signed with archaic math. The World knew this day would come, Google is not Early announcing, they delayed as long as they could… But nobody listens until they give a deadline, then every one cries that its too soon… But the issues are years old… Blame someone besides Google, MS, Apple, they are doing the World a favor by forcing this change Now

Comments are closed.