Google announced Friday it will begin the process of phasing out the obsolete SHA-1 cryptographic hash algorithm with the upcoming release of version 39 of the company’s Chrome browser in November.
After the November release, Chrome will no longer fully trust sites whose certificate chains trust SHA-1 and extend beyond Jan. 1, 2017. Sites with SHA-1 certificates extending beyond that date will be trusted, but Chrome will note that they have “minor errors.” This level of security is and will be indicated by a padlock with a yellow triangle.
Staring with Chrome 40, sites with certificate chains including SHA-1 which extend beyond Jan. 1, 2017 will be marked with a blank white sheet, the current visual display for “neutral, lacking security.” Chrome 41 will treat such sites as “affirmatively insecure,” a state indicated by a padlock with a red ‘X’ on top of it and a red strike through the text that says HTTPS.
You can see the three indicators below:
“The SHA-1 cryptographic hash algorithm has been known to be considerably weaker than it was designed to be since at least 2005 — 9 years ago,” wrote Google’s Chris Palmer and Ryan Sleevi. “Collision attacks against SHA-1 are too affordable for us to consider it safe for the public web [public key infrastructure]. We can only expect that attacks will get cheaper.”
Palmer and Sleevi go on to further explain that SHA-1 has been largely out of fashion since 2011 when the CA/Browser Forum, an industry group of web browsers and certificate authorities (CAs) that establish basic security requirements for SSL certificates, published its Baseline Requirements for SSL. A year before that, the National Institute of Standards and Technology released guidance saying that the SHA-1 was no longer sufficiently strong for government networks. Since then, CAs have been strongly encouraged to migrate away from SHA-1 as soon as possible.
“We have seen this type of weakness turn into a practical attack before, with the MD5 hash algorithm,” Palmer and Sleevi explained. “We need to ensure that by the time an attack against SHA-1 is demonstrated publicly, the web has already moved away from it.”
Unfortunately, the pair of Google cryptographers explain, migrations from once ubiquitous functions – like SHA-1 – can be seriously problematic.
“For example, when Chrome disabled MD5, a number of enterprises, schools, and small businesses were affected when their proxy software — from leading vendors — continued to use the insecure algorithms, and were left scrambling for updates. Users who used personal firewall software were also affected.”
Despite foreseeable troubles, Google will move forward with their process to replace SHA-1 in the next two months using the gradual approach described above.