Google Joins Mozilla, Microsoft In Pushing For Early SHA-1 Crypto Cutoff (blogspot.com)

itwbennett writes: Due to recent research showing that SHA-1 is weaker than previously believed, Mozilla, Microsoft and now Google are all considering bringing the deadline forward by six months to July 1, 2016. Websites like Facebook and those protected by CloudFlare have implemented a SHA-1 fallback mechanism. Both companies have argued that there are millions of people in developing countries that still use browsers and operating systems that do not support SHA-2, the replacement function for SHA-1, and will therefore be cut off from encrypted websites that move to SHA-2 certificates.
  • Good grief, 15 years is a long time in technology. A very, very long time. This platform has required workaround upon workaround for over 10 years now.

    The only reason die-hards say it is not obsolete and great is that they do not see what crippling and sacrifices are made just to bring a web page to render. Meanwhile the rest of us have inferior sites and products thanks to these cheapskates.

    Time to move on. Maybe these poor Chinese will install Linux if they have very, very old hardware? Anything from 2008 and newer can

    • Actually, XP and IE 6 support SHA-2, so I don't even know what you're ranting about.

      Frankly, the list of browsers that support SHA-2 is quite long, and includes surprisingly old versions. I think the server side is a bigger problem. I know some fairly recent vintage appliances-- frustratingly, many of these are SECURITY appliances-- won't support SHA-2.

  • "Both companies have argued that there are millions of people in developing countries that still use browsers and operating systems that do not support SHA-2, the replacement function for SHA-1, and will therefore be cut off from encrypted websites that move to SHA-2 certificates."

    That's OK, because they can just throw away perfectly good hardware because the software's out of date, discarding the older stuff in the hope that it doesn't end up in landfill but ends up in the developing world, just like we do. Wait... we're *already* talking about the developing world. So that means there's no fall-back, no incentive for the endless cycle of high-profit-with-bugs-and-security-vulnerabilities-so-you-buy-a-new-one, because there's not enough profit made from the sale of newer hardware

    • by AHuxley ( 892839 )
      If you need an XP-grade OS on the older hardware, consider a 32-bit non-PAE Linux option like http://www.bodhilinux.com/ [bodhilinux.com]
      http://www.bodhilinux.com/w/se... [bodhilinux.com]
  • I have a printer that uses outdated crypto sitting on a VLAN only accessible by internal computers. Because the powers that be have decided that it's insecure, I have to turn off https.... I just want to make sure that my recipe printed from my tablet before hauling my butt from the kitchen to the office.

    Show a scary warning or something. But slightly weak crypto is better than pushing people to not use it.
    • Weak crypto is not better than nothing. Weak crypto can be decrypted and keeping it around means everyone is potentially vulnerable to downgrade attacks.

      • So weak crypto is worse than sending data in the clear? OK.

        Hint: it's not. However, pretending the obsolete crypto is fine and doing nothing to mitigate it is. Performing security theater, like turning OFF https because a scanner flagged it, while still allowing unencrypted communication, is madness.

  • Remember.

    by fuzzyfuzzyfungus ( 1223518 ) on Tuesday December 22, 2015 @09:02AM (#51164741) Journal
    Some of the talk about SHA-1 cutoff has been in terms of "Should we break the intertubes for the poor people who can't upgrade?"

    Remember; we really don't have that choice. SHA-1 is doing the mathematical equivalent of creaking, groaning, and starting to splinter under load. Our choice is not whether to break SHA-1 or not; it is whether or not to pretend that SHA-1 isn't dangerously precarious.

    It's like telling a structural engineer "We can't close that bridge! People need it to cross the river!". That's exactly why we must close the bridge; because if we don't there will be people on it when it falls into the river.

    (That said, in environments where security is provided by other means, say a suitably isolated management-only network, there will continue to be a need for browsers that can interact with pitifully outdated SSL implementations for some time to come, probably a disgustingly long time; just as various ancient JVMs are currently kept around to interact with assorted horrible management interfaces, network KVMs, and the like. In practice, since virtualization is so cheap and such legacy systems should be kept the hell away from the internet, we'll probably just end up using an old browser version on a VM that is firewalled from everything except the legacy devices it is used to manage; but there will be places where compatibility will require accepting a known-pitiful authentication mechanism; but such environments should treat that mechanism purely as an archaic quirk, not as any sort of substitute for security.)
    • In the States we don't spend until after the collapse [google.com]. And even then it's only because we need to put the bridge back up.
  • Manufacturers dump stuff on the market and never update it. Therefore poor people who can't afford to completely replace their devices can't use new crypto. Therefore either those people are screwed by being cut off, or the entire world is screwed by broken crypto. Note that this situation damages third parties.

    The right answer is for governments to do their job and set some rules in the marketplace. I suggest these:

    If you sell something, you are responsible for its software in perpetuity. You will release

    • Manufacturers dump stuff on the market and never update it. Therefore poor people who can't afford to completely replace their devices can't use new crypto.

      That is a load of crap. Either manufacturers have been creating things with poor security (different debate) or people are using equipment long past their usable life span. Its replacement has been around for 15 years. Windows XP and IE6 support SHA-2. Specific devices are most likely in a scrap heap in China, or used in such critical services that users know the exact risks and are either working around them or living with them (and unlikely to be browsing Facebook anyway).

      • by Hizonner ( 38491 )

        "using equipment long past their usable life span"

        You realize that phrase is self-contradictory, right?

        Windows XP and IE6 support SHA-2.

        You realize that PC operating systems aren't the big problem, right?

        users know the exact risks and are either working around them or living with them (and unlikely to be browsing Facebook anyway).

        Facebook disagrees [facebook.com] with your assessment of what people are using to browse Facebook, and is doing a lot of work to support those out of date systems.

        • You realize that phrase is self-contradictory, right?

          I work for a company where the vendor calls us when someone else has support questions about their old equipment. Equipment that went EOL many years ago yet nonetheless is used in many places. The statement is only theoretically contradictory. In the business sense, legal sense, and practical sense it is a very real scenario.

          You realize that PC operating systems aren't the big problem, right?

          Yes, did you see my point about equipment past usable life, and idiot vendors? Or did you just scroll straight down to the XP comment?

          Facebook disagrees [facebook.com] with your assessment of what people are using to browse Facebook

          They may disagree with what is being used to brows

  • Are you still using WEP? You would think people would be more concerned about security with all the hacks every 15 minutes actually getting media attention.
    • I dropped WEP in favor of WPA in June 2014, once GameSpy had shut down. The last pre-WPA device I had that needed WEP was a Nintendo DS, and online games for DS had relied on GameSpy.

  • https://bugzilla.mozilla.org/s [mozilla.org]...

    Firefox currently only supports DHE with SHA1. Are they going to add support for SHA256 DHE when they disable SHA1?

    To quote Michael Staruch from the above link: It looked more like attempts to discredit DHE and push everyone into ECC. And I am not so sure if that's the best way to protect our privacy, especially with multiple TLS clients supporting only NSA Suite B curves.

    Mozilla, we really need DHE to work with SHA256 and GCM. Sure, fall back to something else (with a second connection, if necessary) if weak dhparams are used by the server.
  • What Mozilla, Microsoft, and Google do is largely irrelevant for adoption of standards. The adoption laggards are government-space IT, and they are still mandating support for 3DES and vendors still offer it to be able to meet procurement requirements. While Google can grandstand all they want, big fed-space vendors like CISCO will be offering SHA1 for decades to come. This means it is, and will be supported by default by a vast majority of networking infrastructure transporting and managing vast majority o
  • The notification pages that come up need improvement to let people know what happened. Just because a certificate doesn't pass doesn't mean

    Second, there need to be laws on the books that manufacturers must abide by to sell embedded products.

    1. They must offer security updates for all embedded devices for 25 years.

    2. They can EOL their product anytime prior by opening the devices to external developers and firmware.

    3. Going bankrupt does not negate these responsibilities so each product must have an immediat

  • CloudFlare have another pragmatic proposal - require CAs to randomize the certificate serial numbers instead of using predictable sequential numbers. Note that this precaution would have made even MD5 certificates safe against current known attacks.

    https://blog.cloudflare.com/why-its-harder-to-forge-a-sha-1-certificate-than-it-is-to-find-a-sha-1-collision/ [cloudflare.com]
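The serial-number precaution the post refers to works because a collision attacker must know every byte of the to-be-signed certificate in advance; a serial the CA draws at random, placed before the attacker-influenced fields, takes that away. The following is an added example (not CloudFlare's or any CA's code) of how a CA can generate and DER-encode such a serial within the RFC 5280 limits (positive INTEGER, at most 20 octets), plus a small heuristic, constructed here, that flags a batch of serials that still looks like a sequential counter:

```python
import secrets

# RFC 5280 section 4.1.2.2: a serial number is a positive INTEGER that a
# conforming CA must keep within 20 octets. A DER INTEGER whose high bit is
# set needs a leading 0x00 byte, so 20 octets of payload leaves 159 usable
# random bits if we want to avoid that prefix.
SERIAL_BITS = 159


def random_serial(rng=secrets.randbits):
    """Return an unpredictable, RFC 5280-compliant serial in 1 .. 2^159-1."""
    while True:
        n = rng(SERIAL_BITS)
        if n > 0:          # zero is not a valid serial number; redraw
            return n


def serial_is_compliant(n):
    """True if n is a positive integer whose DER encoding fits in 20 octets."""
    return isinstance(n, int) and 0 < n < (1 << SERIAL_BITS)


def der_encode_serial(n):
    """DER-encode the serial as an ASN.1 INTEGER (tag 0x02, short-form length)."""
    if not serial_is_compliant(n):
        raise ValueError("serial must be positive and at most 159 bits")
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if body[0] & 0x80:     # keep the INTEGER positive by prefixing 0x00
        body = b"\x00" + body
    return bytes([0x02, len(body)]) + body


def looks_sequential(serials, max_gap=1000):
    """Heuristic (constructed for this example): True if every pair of
    consecutive serials, once sorted, differs by a small positive gap, i.e.
    the CA is issuing from a counter an attacker could predict."""
    s = sorted(serials)
    if len(s) < 2:
        return False
    return all(0 < b - a <= max_gap for a, b in zip(s, s[1:]))


if __name__ == "__main__":
    serial = random_serial()
    print(hex(serial), der_encode_serial(serial).hex())
```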
