Google Joins Mozilla, Microsoft In Pushing For Early SHA-1 Crypto Cutoff (blogspot.com)
itwbennett writes: Due to recent research showing that SHA-1 is weaker than previously believed, Mozilla, Microsoft and now Google are all considering bringing the deadline forward by six months to July 1, 2016. Websites like Facebook and those protected by CloudFlare have implemented a SHA-1 fallback mechanism. Both companies have argued that there are millions of people in developing countries that still use browsers and operating systems that do not support SHA-2, the replacement function for SHA-1, and will therefore be cut off from encrypted websites that move to SHA-2 certificates.
Let XP and IE 6 die (Score:2)
Good grief 15 years is a long time in technology. A very very long time. This platform has required workaround upon workaround for over 10 years now.
The only reason die-hards say it is not obsolete and great is that they do not see what crippling and sacrifices are made just to bring a web page to render. Meanwhile the rest of us have inferior sites and products thanks to these cheapskates.
Time to move on. Maybe these poor Chinese will install Linux if they have very very old hardware? Anything from 2008 and newer can
Re: (Score:2)
I have a laptop from 2004 and it runs Debian 8 without any trouble at all. With off-the-shelf and free software, everyone can comply with this so there really isn't a good reason NOT to do it.
Time is money. The cost of upgrading can be very high, as with time, the need to do a reinstall instead of a running upgrade becomes required. There's data that must be migrated, often identified manually from backups, and sometimes converted to other formats. There's finding replacement programs for those no longer supported.
People stick to old versions because it works, and the cost of migrating can be daunting.
Re: (Score:2)
>The cost of upgrading can be very high
In general it's higher than the cost of the hardware itself.
Re: (Score:1)
Actually, XP and IE 6 support SHA-2, so I don't even know what you're ranting about.
Frankly, the list of browsers that support SHA-2 is quite long, and includes surprisingly old versions. I think the server side is a bigger problem. I know some fairly recent vintage appliances-- frustratingly, many of these are SECURITY appliances-- won't support SHA-2.
affordability (Score:2)
"Both companies have argued that there are millions of people in developing countries that still use browsers and operating systems that do not support SHA-2, the replacement function for SHA-1, and will therefore be cut off from encrypted websites that move to SHA-2 certificates."
that's ok - because they can just throw away perfectly good hardware because the software's out-of-date, discarding the older stuff in the hope that it doesn't end up in landfill but ends up in the developing world just like we do. wait... we're *already* talking about the developing world. so that means there's no fall-back - no incentive for the endless cycle of high-profit-with-bugs-and-security-vulnerabilities-so-you-buy-a-new-one, because there's not enough profit made from the sale of newer hardware
Re: (Score:2)
So install Mandarin Linux like redflag for these users? Hardware will still work. You don't expect your 2011 era Android 2.2 gingerbread or iPhone 3 to still run your latest apps do you?
precisely. so they must be discarded, despite being perfectly well functional for the task that their user *would* like to continue to use them for... if it wasn't for the fact that they're no longer secure. the modular approach - where the "main computer" can be upgraded - is an idea that solves this otherwise impossible situation whilst minimising electronic waste and allowing people to save money at the same time.
Re: (Score:2)
http://www.bodhilinux.com/w/se... [bodhilinux.com]
Show a warning (Score:2)
Show a scary warning or something. But slightly weak crypto is better than pushing people to not use it.
Re: (Score:2)
Weak crypto is not better than nothing. Weak crypto can be decrypted and keeping it around means everyone is potentially vulnerable to downgrade attacks.
Re: (Score:2)
You're wrong. Weak crypto is better than nothing.
Sure, if you're a criminal or a state agency, but not anyone else. Weak crypto means you can trick people into thinking their communications are secure while you're snooping.
Re: (Score:2)
>You're wrong. Weak crypto is better than nothing.
I'd say you're wrong.
If your device only supports weak crypto it is highly likely that it is not receiving *any* updates. Crypto library errors (not related to the cipher itself) are far too common. These errors commonly lead to the compromise of the device. If https/ssl had not been enabled on the device, your data could be compromised but not the device itself (unless you send the device admin password in the cleartext).
>Some things just don't need t
Re: (Score:1)
So weak crypto is worse than sending data in the clear? OK.
Hint: it's not. However, pretending the obsolete crypto is fine and doing nothing to mitigate it is. Performing security theater, like turning OFF https because a scanner flagged it, while still allowing unencrypted communication, is madness.
False is worse than true (Score:3)
> So weak crypto is worse than sending data in the clear? OK.
I think the rationale is that a false sense of security is worse than a true sense of insecurity.
Re: (Score:2)
And why should the rest of us be vulnerable to protocol downgrade attacks because a group of people are too cheap to upgrade their shit?
RFC 1918 and the Intranet zone (Score:2)
Because some browser makers aren't smart enough to apply different policies to private internets [ietf.org] from those that they apply to the public Internet. There's a reason IE implements the "Intranet zone", and other browser makers could likewise offer an option to be more lenient with addresses in 10/8, 172.16/12, and 192.168/16 prefixes.
Re: (Score:2)
And IE has experienced a fair share of holes with mixed zone content compromising its browser.
Again, why should FF/Chrome compromise my machine because of your inability to keep your devices updated?
Re: (Score:2)
> Again, why should FF/Chrome compromise my machine because of your inability to keep your devices updated?
It shouldn't. It should let people who choose to access legacy devices access legacy devices, and it should block people like you who choose not to access legacy devices from accessing legacy devices.
Re: (Score:2)
Keeping it around also makes everyone more vulnerable. Hope the people complaining about this enjoy the imminent downgrade attacks that will be used to MITM them.
Because what the history of Internet cryptography has shown us is that keeping around old ciphers and hashing algorithms is a wonderful idea. *rolls eyes*
Re: Crypto or No Crypto (Score:3)
> Keeping it around also makes everyone more vulnerable.
No, that's the whole point of the Facebook/Cloudflare TLS switcher. Nobody gets SHA-1 signatures that can handle SHA-2.
There's something like 37 million people who can't handle SHA-2 yet. SHA-1 collisions are not a bigger risk than them running insecure HTTP instead of SHA-2-signed TLS.
Yes, if wishes were unicorns they'd all have DANE-validated TLSv1.2 with ECDHE and PFS, but not even Bernie can make that happen.
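One way a server-side switcher like the one this comment describes could pick a certificate chain, as an added example that is not Facebook's or CloudFlare's code. It assumes the decision is keyed on the TLS 1.2 `signature_algorithms` extension in the ClientHello (the thread does not say how clients are detected); `choose_chain`, `build_hello` and the sample hellos are constructed for illustration.

```python
import struct

SIG_ALGS_EXT = 13            # signature_algorithms extension type (RFC 5246)
SHA2_HASH_IDS = {4, 5, 6}    # sha256, sha384, sha512 (TLS 1.2 HashAlgorithm ids)


def _take(buf, off, n):
    """Return (n bytes at off, new offset); reject truncated input."""
    if off + n > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[off:off + n], off + n


def _take_vec(buf, off, len_bytes):
    """Read a TLS length-prefixed vector whose length field is len_bytes wide."""
    raw, off = _take(buf, off, len_bytes)
    return _take(buf, off, int.from_bytes(raw, "big"))


def offered_hashes(hello):
    """Hash ids from signature_algorithms, or None when the extension is absent."""
    _, off = _take(hello, 0, 2 + 32)       # client_version + random
    _, off = _take_vec(hello, off, 1)      # session_id
    _, off = _take_vec(hello, off, 2)      # cipher_suites
    _, off = _take_vec(hello, off, 1)      # compression_methods
    if off == len(hello):
        return None                        # client sent no extensions at all
    exts, _ = _take_vec(hello, off, 2)
    pos = 0
    while pos < len(exts):
        ext_type, pos = _take(exts, pos, 2)
        data, pos = _take_vec(exts, pos, 2)
        if int.from_bytes(ext_type, "big") == SIG_ALGS_EXT:
            pairs, _ = _take_vec(data, 0, 2)
            if len(pairs) % 2:
                raise ValueError("odd-length signature_algorithms list")
            return {pairs[i] for i in range(0, len(pairs), 2)}  # hash byte of each pair
    return None


def choose_chain(hello):
    """Serve the SHA-1 chain only to clients that do not advertise any SHA-2 hash."""
    hashes = offered_hashes(hello)
    if hashes is None:
        # RFC 5246: without the extension the server may only assume SHA-1 support.
        return "sha1"
    return "sha256" if hashes & SHA2_HASH_IDS else "sha1"


def build_hello(sig_pairs=None):
    """Constructed ClientHello body (no record or handshake header) for the demo."""
    body = b"\x03\x03" + bytes(32) + b"\x00"          # TLS 1.2, zero random, no session id
    body += struct.pack("!H", 2) + b"\x00\x2f"        # one cipher suite
    body += b"\x01\x00"                               # null compression only
    if sig_pairs is not None:
        other = struct.pack("!HH", 0xFF01, 1) + b"\x00"   # unrelated extension to skip over
        lst = bytes(b for pair in sig_pairs for b in pair)
        data = struct.pack("!H", len(lst)) + lst
        exts = other + struct.pack("!HH", SIG_ALGS_EXT, len(data)) + data
        body += struct.pack("!H", len(exts)) + exts
    return body


if __name__ == "__main__":
    samples = {
        "modern (sha256+rsa, sha1+rsa)": build_hello([(4, 1), (2, 1)]),
        "legacy (no extensions)": build_hello(None),
        "sha1-only list": build_hello([(2, 1)]),
    }
    for name, hello in samples.items():
        print(f"{name}: serve {choose_chain(hello)} chain")
```

A malformed or truncated hello raises `ValueError` rather than silently falling back to the SHA-1 chain, so the weaker certificate is only ever served on a well-formed hello that lacks SHA-2 support.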
Remember. (Score:5, Insightful)
Remember; we really don't have that choice. SHA-1 is doing the mathematical equivalent of creaking, groaning, and starting to splinter under load. Our choice is not whether to break SHA-1 or not; it is whether or not to pretend that SHA-1 isn't dangerously precarious.
It's like telling a structural engineer "We can't close that bridge! People need it to cross the river!". That's exactly why we must close the bridge; because if we don't there will be people on it when it falls into the river.
(That said, in environments where security is provided by other means, say a suitably isolated management-only network, there will continue to be a need for browsers that can interact with pitifully outdated SSL implementations for some time to come, probably a disgustingly long time; just as various ancient JVMs are currently kept around to interact with assorted horrible management interfaces, network KVMs, and the like. In practice, since virtualization is so cheap and such legacy systems should be kept the hell away from the internet, we'll probably just end up using an old browser version on a VM that is firewalled from everything except the legacy devices it is used to manage; but there will be places where compatibility will require accepting a known-pitiful authentication mechanism; but such environments should treat that mechanism purely as an archaic quirk, not as any sort of substitute for security.)
Sounds about right (Score:2)
Weight of a standard bus (Score:2)
SHA-1 is like a bridge marked for 10 tons of weight, but it actually can only carry 5 tons.
SHA-1 is like your 5-ton bridge marked as a 10-ton bridge when the occupied weight of a standard bus is 10 tons. I guess browser makers don't see much application for a 5-ton bridge apart from bicycles.
This is really a regulatory problem (Score:1)
Manufacturers dump stuff on the market and never update it. Therefore poor people who can't afford to completely replace their devices can't use new crypto. Therefore either those people are screwed by being cut off, or the entire world is screwed by broken crypto. Note that this situation damages third parties.
The right answer is for governments to do their job and set some rules in the marketplace. I suggest these:
If you sell something, you are responsible for its software in perpetuity. You will release
Re: (Score:2)
I agree with that.
Doesn't mean it's not the right thing to do...
Re: (Score:2)
Actually yes. Hiding the costs is not OK and externalizing them is worse.
In this particular case, though, it might actually be cheaper to just upgrade all the affected devices than to screw around with some of the proposed workarounds. It's not free for, say, Facebook to come up with whatever weird fallback hack they're pushing. By the time you add up the costs of everybody having to deploy that kind of crap, it would almost certainly be cheaper just to fund somebody to fix most or all of the affected devic
Re: (Score:2)
> Manufacturers dump stuff on the market and never update it. Therefore poor people who can't afford to completely replace their devices can't use new crypto.
That is a load of crap. Either manufacturers have been creating things with poor security (different debate) or people are using equipment long past their usable life span. Its replacement has been around for 15 years. Windows XP and IE6 support SHA-2. Specific devices are most likely in a scrap heap in China, or used in such critical services that users know the exact risks and are either working around them or living with them (and unlikely to be browsing Facebook anyway).
Re: (Score:2)
You realize that phrase is self-contradictory, right?
You realize that PC operating systems aren't the big problem, right?
Facebook disagrees [facebook.com] with your assessment of what people are using to browse Facebook, and is doing a lot of work to support those out of date systems.
Re: (Score:2)
> You realize that phrase is self-contradictory, right?
I work for a company where the vendor calls us when someone else has support questions about their old equipment. Equipment that is EOL many years ago yet nonetheless is used in many places. The statement is only theoretically contradictory. In the business sense, legal sense, and practical sense it is a very real scenario.
> You realize that PC operating systems aren't the big problem, right?
Yes, did you see my point about equipment past usable life, and idiot vendors? Or did you just scroll straight down to the XP comment?
> Facebook disagrees [facebook.com] with your assessment of what people are using to browse Facebook
They may disagree with what is being used to brows
Android Studio looks signed to me (Score:2)
The Android Studio download page [android.com] is signed with a TLS certificate issued to *.google.com with serial number 04:32:D9:AF:F1:79:D0:7E and SHA-256 fingerprint:
It links to a 1.2 GB file, also behind an HTTPS URI. How is HTTPS insufficient to specify the publisher?
Re: (Score:2)
That the route you use to get to the file is signed doesn't indicate that the file itself is signed.
What assurance does that the file itself is signed provide that that the route you use to get to the file is signed does not provide?
Compromised build server; cost to small entity (Score:2)
If the server was compromised for example, you'd get right place, wrong file.
The same would be true if the build server was compromised.
In addition, for developers not quite as big as Google, one TLS certificate to obtain and keep renewed every year is cheaper in both time and CA fees than one TLS certificate for the website every year and one code signing certificate per platform per year. Or is there a counterpart to StartSSL or Let's Encrypt for code signing yet?
For Everyone moaning (Score:1)
Since GameSpy died (Score:2)
I dropped WEP in favor of WPA in June 2014, once GameSpy had shut down. The last pre-WPA device I had that needed WEP was a Nintendo DS, and online games for DS had relied on GameSpy.
What about SHA2 support in Firefox for DHE? (Score:3)
Firefox only currently supports DHE with SHA1. Are they going to add support for SHA256 DHE when they disable SHA1?
To quote Michael Staruch from the above link: It looked more like attempts to discredit DHE and push everyone into ECC. And I am not so sure if that's best way to protect our privacy, especially with multiple TLS clients supporting only NSA Suite B curves.
Mozilla, we really need DHE to work with SHA256 and GCM. Sure, fallback to something else (with a second connection, if necessary) if weak dhparams are used by the server.
Consumer market is irrelevant (Score:2)
Notification pages need improvement and new laws (Score:2)
The notifications pages that come up need improvement to let people know what happened. Just because a certificate doesn't pass doesn't mean
Second, there need to be laws on the books that manufacturers must abide by to sell embedded products.
1. They must offer security updates for all embedded devices for 25 years.
2. They can EOL their product anytime prior by opening the devices to external developers and firmware.
3. Going bankrupt does not negate these responsibilities so each product must have an immediat
CloudFlare have another pragmatic proposal (Score:2)
CloudFlare have another pragmatic proposal - require CAs to randomize the certificate serial numbers instead of using predictable sequential numbers. Note that this precaution would have made even MD5 certificates safe against current known attacks.
https://blog.cloudflare.com/why-its-harder-to-forge-a-sha-1-certificate-than-it-is-to-find-a-sha-1-collision/ [cloudflare.com]
Re: (Score:1)
Irrational post is irrational.
I think you should consider how one can hold these two thoughts simultaneously:
"
You want to promote better security, I'm right there with you.
You want to cut off older technology, using security as an excuse for forced upgrades ... well, you can go fuck yourself.
"
Re: (Score:3)
Down-mod on the parent is ridiculous. "Using security as an excuse for forced upgrades" is indeed irrational. None of the three players makes money on hardware or OS upgrades, so the conjectured conspiracy theory is pure tinfoil-hattery.
SHA-1 is broken and needs to die. We aren't doing the developing world any favors by keeping it.
Re: (Score:2)
GGGP was calling out Google, not Microsoft.
Chrome upgrades are free. Mozilla upgrades are free. Why is it a bad thing to force upgrades in the name of security here? That doesn't make any sense to me. It's not like anybody actually uses Microsoft's browsers anyways.
Re: (Score:2)
Considering MS is not in the hardware business, Windows 10 was free, and MS is betting its future revenue on cloud services instead of Windows Server licenses.
Re:Dear Microsoft, err, I mean Google (Score:4, Informative)
> Considering MS is not in the hardware business
So they make phones [microsoft.com], tablets [microsoftstore.com], consoles [xbox.com], their own laptop [microsoft.com], fitness bands [microsoft.com] and keyboards and mice [microsoft.com] but they aren't in the hardware business?
> Windows 10 was free,
For one year and only for consumers.
> and MS is betting its future revenue on cloud services instead of Windows Server licenses.
And yet those licenses are still a big portion of their revenue and revenue from that grew 6% just their last quarter.
Re: (Score:2)
And to add, I don't believe that this removal of SHA-1 is to force OS or hardware upgrades, but your claims were simply patently false.
Re: (Score:2)
Does it run Linux?
Re: (Score:3)
> So they make phones [microsoft.com], tablets [microsoftstore.com], consoles [xbox.com], their own laptop [microsoft.com], fitness bands [microsoft.com] and keyboards and mice [microsoft.com] but they aren't in the hardware business?
Loss leaders to generate service revenue. Direct revenue from hardware sales is a drop in the bucket. That bucket is growing quarter over quarter, but so too is cost of revenue. Profit margins are low in hardware. But more importantly, and far more relevant to the "forced upgrade" argument: they do not sell PC's or server hardware that would be affected by killing SHA-1.
> Windows 10 was free,
> For one year and only for consumers.
When MS shuts off SHA-1 on July 1st, Windows 10 will still be free.
> and MS is betting its future revenue on cloud services instead of Windows Server licenses.
> And yet those licenses are still a big portion of their revenue and revenue from that grew 6% just their last quarter.
But with $15 billion invested in PaaS, there is nowhere to expand except
Re: Dear Microsoft, err, I mean Google (Score:2)
Actually the surface is Microsoft's 2nd biggest revenue now. But the intention is not to be evil. It is to protect their image and customers as security conscious. For those developing websites the day couldn't come quick enough.
HTML 5 is more secure too and gives flexibility to website makers.
Jeez folks nothing wrong with change. It is not an evil conspiracy for increased security
After July 2016, upgrades will be paid (Score:2)
> When MS shuts off SHA-1 on July 1st, Windows 10 will still be free.
For one more month. I remember reading that Microsoft announced that the offer to upgrade compatible PCs with a valid Windows 7 or 8.1 license to Windows 10 without charge would be available only for the first year [pcworld.com] after the release of Windows 10. This year ends on July 29, 2016: "After the first year, upgrades will be paid via boxed product and VL Upgrades."
Re: (Score:2)
> Loss leaders to generate service revenue
So what? If they make and sell hardware they are in the hardware business.
Re: (Score:2)
If folks go that whole month without knowing SHA-1 is dead, then it really didn't affect them much and they don't need to upgrade. If they do need to upgrade, they will know very quickly.
Re:Dear Microsoft, err, I mean Google (Score:5, Insightful)
The six year old car you are driving is not as secure as a car produced this year. You are required to upgrade.
The lock on your door is not as secure as today's locks. In the interest of security to your business you must change all locks on your premises.
Yes, these involve physical items and cost, but the concept is the same. What business is it of Microsoft, or Alphabet (Google), or Mozilla if someone is using an insecure piece of software? It's not their system.
Whatever happened to letting people decide how they manage their systems? Are we again dragging out the canard that developers or companies know more than the user considering every iteration of all three products don't simply fix bugs but break things, including the UI, or remove features people used.
Re: (Score:3)
> The lock on your door is not as secure as today's locks. In the interest of security to your business you must change all locks on your premises.
This happens all the time. Insurance companies force businesses to change their locks, install alarm systems, etc. Either by changing the goal post with their premiums, or by simply rejecting an application for property insurance. I don't recall any time in the US where operating a business was an inalienable right. (You may be outside of the US, I'm taking a guess here given the assumptions I believe you've made)
Re: (Score:2)
>The six year old car you are driving is not as secure as a car produced this year. You are required to upgrade.
Windows XP is not a six year old car... it is more a car without brakes. You are not allowed to drive a car without brakes on normal roads, but on your private road, you can do anything. You are not forced to trash the car, you just cannot use it for every day.
XP is way too limited. you can keep it if you want, but after that date, most sites will block you. browser internal networks or any still ope
Re: (Score:3)
> What business is it of Microsoft, or Alphabet (Google), or Mozilla if someone is using an insecure piece of software? It's not their system.
Herd immunity. Your insecure shit affects everybody on the internet. Which goes to the car thing... if your car is found to have a dangerous defect, the state you live in can black flag it and fine you or tow you if you drive it, until it is repaired. Or, in other cases you will not be able to get a certificate of inspection when your previous decal expires.
>Wha
Re: (Score:2)
So then I was correct in what I said. You driving around in an insecure car endangers the rest of us. The same thing with not having a more secure lock on your business which drives up my insurance costs.
Thanks a lot you infected cur.
Re: (Score:1)
> Whatever happened to letting people decide how they manage their systems? Are we again dragging out the canard that developers or companies know more than the user considering every iteration of all three products don't simply fix bugs but break things, including the UI, or remove features people used.
If your system isn't connected to a network and ultimately the internet it doesn't make much difference. If it is then things change - events on your system can impact other systems. That doesn't really happen in your lock changing scenario, does it?
SQL Slammer worm wreaks havoc on Internet [zdnet.com]
Re: (Score:2)
Microsoft, as it turns out, sells something called "Office" that provides more revenue than any other division. Then there's cloud services, which is cannibalizing Windows licenses and contributing to an ever decreasing year-over-year revenue percentage for Windows itself. The last version of the desktop OS was given away for free.
Re:Dear Microsoft, err, I mean Google (Score:5, Insightful)
So you'd prefer more crypto downgrade attacks?
Re: (Score:3)
I don't think that UA has been a good detection method for a long time.... they all purport to be Mozilla by default for one thing. Also, all the major browsers will let you change your UA to whatever you want.
Re: Dear Microsoft, err, I mean Google (Score:5, Informative)
Since when has Slashdot become a Luddite website for those that fear change?
XP is 15 years old! Things move on. We are tired of turning down 2008 era HTML 5 and leaving our phones with a better browser experience because of XP IE 6/8 compatibility from a different era. If the hardware is from 2008 or earlier you can install Linux for free?
Do you not change your oil and timing belts either
Re: (Score:3)
please think a little bit outside of the box of your own environment, and act responsibly.
And acting responsibly is to remove insecure crypto not to keep it around. Are you ignorant of all the crypto downgrade attacks that have been found just in the last year?
Re: (Score:2)
Well, when Baidu and Facebook no longer load and give a message to upgrade, people will do so or call someone who knows something.
I mean nothing lasts forever. Do you use 2002 era phones still too? The internet is dangerous. IE 8 uses ram when you have lots of tabs too. The users there are used to the bloat and Firefox/Chrome while being more cpu intensive render javascript much much faster JIT.
This is a nudge and my guess is any pc with 128 megs of ram would be dead with bad caps dying on the board or PSU. M
Re: (Score:2)
> Do you use 2002 era phones still too?
No, but I'm pretty sure my current phone was made in 2005 or earlier. It's an Audiovox 8610 flip phone, and I keep it because $7.50 per month on Virgin Mobile is a lot cheaper than a smartphone plan.
Re: Dear Microsoft, err, I mean Google (Score:2)
I bought my mother who is 63 a Nokia 640. $55 and works with tracfone. Apps, email, navigation, IE 11, and nice on her eyes with big tiles.
Re: (Score:2)
> I bought my mother who is 63 a Nokia 640. $55 and works with tracfone.
How much does service for a Lumia 640 on TracFone cost per month?
Re: (Score:2)
Use Linux instead of Windows. Problem solved!
Re: (Score:2)
oops, press submit way too fast! :)
If you have a computer with 128MB of RAM, you are talking about Pentium 1/2/3 / very old Athlon computers!!!
Buy a Raspberry Pi!! It has more memory, is probably faster, and uses a lot less energy.
Also, Firefox uses as much memory as tabs you have open. A clean Firefox with one tab open is using 230MB on a computer with 8GB... a 512MB computer is enough... not fast, but computers from that era aren't fast either
Re: (Score:1)
They can always use a lower-footprint browser like Midori or others. I forget the name but there's a lightweight browser in some DSL versions. Those will run just fine but they'll want to install them (which you can do with DSL even though I've seen suggestions that you run it only from the live USB/CD) so as to have marginally better memory management options. It's certainly do-able and probably won't be all that slow so long as they're not trying to run a lot of applications on them. There are a pile of d
Re: (Score:1)
Slashdot has been a website for luddites and neo-reactionaries ever since Red Hat adopted systemd and people caught on to the fact that Linus Torvalds is a caustic asshole. Apparently the same kinds of people who thought "Free Software" was "too political" get offended when you suggest that Free Software operating systems standardize on halfway-decent system infrastructure or that development communities try not to be toxic pieces of shit.
And before those same predictable neo-reactionaries come back and say
Re: (Score:3, Insightful)
All my modern hardware will have no problem with this change.
I have older hardware and software that simply doesn't know anything about SHA-2 and never will. Should that hardware stop functioning just because Google thinks that pulling down weather forecasts requires perfectly secure SSL connections?
Changing oil and timing belts don't obsolete the car, and they wear out. Software doesn't wear out, but for some reason we get forced into upgrades that INTENTIONALLY OBSOLETE FUNCTIONAL SOFTWARE ... and that's
Re: (Score:3)
> just because Google thinks that pulling down weather forecasts requires perfectly secure SSL connections?
Yes. Because *everything* that is served with a Google cookie or by a Google server should be protected by strong encryption so you can't use one function to attack another function inside the same domain. I'm pretty sure you're fucking clueless at the risk profiles at this point and why so many different groups want to get rid of SHA-1.
Software does wear out. It wears out when it becomes a serious
Re: (Score:2)
> If the hardware is from 2008 or earlier you can install Linux for free?
It would be viable if we had a way to retrain millions of people in hundreds of countries who speak many different languages. I kind of hoped Ubuntu's founder would have the resources to do just that. But it doesn't seem to be happening.
Re: (Score:2)
I'd like to point out that Firefox and Chrome still support all the way back to Windows XP (though Chrome support is ending April 2016). It is very easy to get a hold of the latest and most secure browsers available. If people are not willing to upgrade their browsers after the cutoff, well I doubt they will upgrade their operating system (because upgrading a browser is trivial, at least in comparison to upgrading an OS).
This is not what will force people to upgrade. Maybe other things, but not this.
Note: This was written more to answer the Microsoft side of the problem. Why would Google be pushing upgrades? (Genuine question)
If the OS is not secure anyway (XP was not designed with security in mind besides a password from the AOL/MSN era) and has not been patched in over a year and a half, it defeats the purpose.
It should frankly be illegal to do any customer credit card processing on such systems.
If you are very poor Asian try putting Linux. The hardware will soon die anyway if you can't afford Windows 10 which will run on hardware from 2009 and later since it is based on the Windows 7.xx driver model.
Re: (Score:2)
I don't know why you were down modded, because you are correct. Yes, security is a big issue, but is it really up to my browser to determine what sites I am permitted to see or not? Instead of prohibiting a site with SHA-1, at best the browser should intercept the call and display a message that the site might not be secure. The browser's job is to display content, not to determine what sites I or anybody else might want to use. SHA-1 site? Fine, warn me, but it should still be my decision if I w