Become a fan of Slashdot on Facebook


Forgot your password?
Microsoft Mozilla Security

Microsoft Follows Mozilla In Considering Early Ban On SHA-1 Certificates ( 47

itwbennett writes: Following the first successful collision attack on the SHA-1 hashing algorithm last month, Mozilla said that it was considering a cut-off of July 1, 2016 to start rejecting all SHA-1 SSL certificates, ahead of an earlier scheduled date of Jan. 1, 2017. And now Microsoft is considering blocking the hashing algorithm on Windows by June next year.
This discussion has been archived. No new comments can be posted.

Microsoft Follows Mozilla In Considering Early Ban On SHA-1 Certificates

Comments Filter:
  • by nneonneo ( 911150 ) <spam_hole&shaw,ca> on Friday November 06, 2015 @01:42AM (#50875199) Homepage

    If it really is only $75-120K to crack SHA1, I propose we start a Kickstarter to gather the funds. Given the estimate of a few months, we'll ship our SHA1 collision well before a lot of other Kickstarter projects ship their products :)

    • by cjmnews ( 672731 )

      If the statement "first successful collision attack" were true, then I would put money into that Kickstarter.

      But, if you follow the links, you'll find that they only partially succeeded on the collision in just the compression section of SHA-1. There's a lot more work to be done to make this into an actual SHA-1 collision. Their estimate of a full collision by the end of the year is overly optimistic.

      The Kickstarter would have some cash, that would be quickly drained without a full collision in sight. So

  • Overrides (Score:5, Insightful)

    by sexconker ( 1179573 ) on Friday November 06, 2015 @02:01AM (#50875229)

    At least let me fucking override shit for my devices (UPSes, copiers, etc.) that have absolutely no ability to use anything other than the self-signed shit they come with.

    I'm fine with warning or blocking by default, but when those idiots remove my ability to do what I need to do (whitelist) I end up having to keep an older version of the browser with more holes in it just to connect to this UPS, that switch, this copier, etc.

    • by Sits ( 117492 ) on Friday November 06, 2015 @02:46AM (#50875307) Homepage Journal

      My experience of these changes is that you'll be forced to click through a warning in your browser even if you installed the certificate (or the root CA signing the certificate). The Microsoft page about no longer trusting SHA1 certs is confusing in this respect [] because it includes information about signing Windows binaries but it does say

      Windows [...] will no longer trust any code that is signed with a SHA-1 code signing certificate and that contains a timestamp value greater than January 1, 2016

      That document also says it only applies to certs that are in the Microsoft Root Certificate Program [] so ones you've manually installed might not be affected.

      This is slightly different to the Mozilla's SHA-1 deprecation information []:

      After January 1, 2017, we plan to show the “Untrusted Connection” error whenever a SHA-1 certificate is encountered in Firefox.

      Perhaps this isn't the override you were thinking of but it doesn't sound like a total block.

    • Re:Overrides (Score:5, Informative)

      by Zuriel ( 1760072 ) on Friday November 06, 2015 @03:17AM (#50875357)
      You can join the ranks of people holding on to WinXP virtual machines because they need them to administer that one device that needs a certain version of Java 1.4 and Firefox 3.6.
      • Those sorts of people should just install one of the free VM products (QEMU (linux) [] Virtual PC (Windows) []) available for their machine, install the os and only use it when required.
        There are also a few paid ones available.
        Do this would provide a greater level of security.
        • Those sorts of people should just install one of the free VM products (QEMU (linux) [] Virtual PC (Windows) []) available for their machine, install the os and only use it when required. There are also a few paid ones available. Do this would provide a greater level of security.

          ranks of people holding on to WinXP virtual machines

          It's not quite so bad as you think, then :)

    • Why not just use a portable version of some old Firefox, for example? If you use the portable, outdated version only for the outdated devices and the up-to-date Firefox everything else it shouldn't be too much of an issue?

    • The problem with the Internet of Things is that nobody seems to issue security updates for the plethora of devices we have plugged into our networks and when they do it's almost impossible to actually apply them.
  • by GuB-42 ( 2483988 ) on Friday November 06, 2015 @04:33AM (#50875483)

    It's fine rejecting insecure certificates but sometimes, I'd rather have browsers get their priorities in order.
    If you go on a SSL website that uses a self-signed certificate or use a slightly outdated one, you are presented with a scary warning page with multiple clicks needed to get to it. However, plain HTTP goes right through even though it is less secure than SSL with any bogus certificate.

    Instead of a ban, I'm all for a rating system, like :
    - Strong : everything OK, strong crypto
    - Medium : slightly outdated, weaker crypto (SHA-1 could be on this level)
    - Weak : self-signed, completely outdated
    - None : HTTP
    - Dangerous : revoked, mismatched certificate, suspect behavior (such as a decrease in security from last visit)
    Only the "dangerous" category should trigger a warning, for the other categories, a different "lock" icon should be sufficient. Like the crossed-out "https" in Google Chrome.

    • Posting sensitive data to an unauthenticated server is very bad. For instance, when your online banking environment suddenly uses a self signed certificate, you should notice. This is a very bad situation, and should fall within the "dangerous" category and certainly not in the "weak" category.
      • I quote GP:

        suspect behavior (such as a decrease in security from last visit)

        • Re: (Score:2, Insightful)

          by Erik Hensema ( 12898 )
          Then the first visit is always unsafe since no data is known. Now you can get valid data by checking the certificate, but since that's not what the OP wants, what's left?
      • by GuB-42 ( 2483988 ) on Friday November 06, 2015 @06:58AM (#50875717)

        Indeed but posting sensitive data unencrypted is even worse and the browser won't say anything about it.
        The problem is that the browser has no simple way of knowing if the site is sensitive or not. The best it can do is to tell you clearly about the level of security so that you can react accordingly.
        "Dangerous" would be "worse that unencrypted" and should be reserved for cases where an attack is strongly suspected, cases where the error is unlikely to be simply the result of poor maintenance (outdated) or not wanting to deal with certificate authorities (self-signed).
        Also note that the examples I gave are not necessarily the best. The true conditions should be determined by actual data. But, I sometimes see myself going to the http version of a (non sensitive) site to avoid the warning, that's retarded and browsers shouldn't encourage this behavior. Also, wanting to visit a broken https site once doesn't mean I want to add an exception forever.

    • The problem with the lock icon and similar things is it arrives too late. By the time the user sees it they have already interacted with the server and potentially sent it sensitive information.

      Consider for example a login form on [] that submits the login details to [] .

      • I'm not sure that example is much of a problem. The certificate is checked, and the user asked, before the actual HTTP request is made. The sequence is "Set up secure link, if there's a problem check with the user, if everything's OK so far send the GET or POST, header, and form data."

    • Mozilla is working on that: []

    • by Bengie ( 1121981 )
      "Weak" is less safe than "none". What's "better". telling someone they have a secure house when it is not or telling someone they're in an unsecure house?

      Rule of thumb, wrong information is always the worst kind of information, even more than no information.
  • by Rick Zeman ( 15628 ) on Friday November 06, 2015 @10:22AM (#50876417)

    ...has a menu option in the develop menu for "Treat SHA-1 Certificates as insecure." Nice having the flexibility to turn that on and off depending on need.

  • []

    Firefox only currently supports DHE with SHA1. Are they going add support for SHA256 DHE when they disable SHA1?

    To quote Michael Staruch from the above link:
    It looked more like attempts to discredit DHE and push everyone into ECC. And I am not so sure if that's best way to protect our privacy, especially with multiple TLS clients supporting only NSA Suite B curves.

    Mozilla, we really need DHE to work with SHA256 and GCM. Sure, fallback to something else (with a se

"Hey Ivan, check your six." -- Sidewinder missile jacket patch, showing a Sidewinder driving up the tail of a Russian Su-27