Many of the certificates used by secure websites today are signed using algorithms based on a hash algorithm called SHA-1. The integrity of the hash algorithm used in signing a certificate is a critical element in the security of the certificate. Weaknesses in hash algorithms can lead to situations in which attackers can obtain fraudulent certificates. Mozilla, along with other browser vendors, is working on a plan to phase out support for the SHA-1 hash algorithm.

SHA-1 is nearly twenty years old, and is beginning to show its age. In the last few years, collision attacks undermining some properties of SHA-1 have been getting close to being practical. Collision attacks against the older MD5 hash algorithm have been used to obtain fraudulent certificates, so the improving feasibility of collision attacks against SHA-1 is concerning. In order to avoid the need for a rapid transition should a critical attack against SHA-1 be discovered, we are proactively phasing out SHA-1.

We encourage Certification Authorities (CAs) and Web site administrators to upgrade their certificates to use signature algorithms with hash functions that are stronger than SHA-1, such as SHA-256, SHA-384, or SHA-512. NIST Guidance recommended that SHA-1 certificates should not be trusted beyond 2014. Mozilla’s CA Certificate Maintenance Policy section 8 says: “We consider the following algorithms and key sizes to be acceptable and supported in Mozilla products: SHA-1 (until a practical collision attack against SHA-1 certificates is imminent) …” However, there are still many Web sites that are using SSL certificates with SHA-1 based signatures, so we agree with the positions of Microsoft and Google that SHA-1 certificates should not be issued after January 1, 2016, or trusted after January 1, 2017.
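For administrators auditing their own certificates against the dates above, the following added example (not Mozilla's code) reads the outer signatureAlgorithm OID from a DER-encoded certificate and applies the two cutoffs. The function names, the verdict labels, the strict "after" comparison and the sample bytes are assumptions of this example; the sample is a constructed skeleton, not a real certificate.

```python
from datetime import datetime, timezone

SIG_HASH = {  # hash behind common X.509 signatureAlgorithm OIDs (RFC 3279, 4055, 5758)
    "1.2.840.113549.1.1.5": "sha1", "1.2.840.10045.4.1": "sha1",
    "1.2.840.113549.1.1.11": "sha256", "1.2.840.10045.4.3.2": "sha256",
    "1.2.840.113549.1.1.12": "sha384", "1.2.840.113549.1.1.13": "sha512",
}
NO_ISSUE_AFTER = datetime(2016, 1, 1, tzinfo=timezone.utc)  # cutoffs quoted in the text
NO_TRUST_AFTER = datetime(2017, 1, 1, tzinfo=timezone.utc)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Dotted form of DER OID content bytes (assumes a first arc of 0 or 1)."""
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def signature_hash(cert_der):
    """Hash name from the outer Certificate.signatureAlgorithm field."""
    _, cert, _ = read_tlv(cert_der)                    # Certificate SEQUENCE
    _, alg_id, _ = read_tlv(cert, read_tlv(cert)[2])   # skip tbsCertificate
    tag, oid, _ = read_tlv(alg_id)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    return SIG_HASH.get(decode_oid(oid), "unknown")

def sha1_verdict(hash_name, not_before, now):
    """Apply the two cutoff dates; verdict labels are this example's own."""
    if hash_name != "sha1":
        return "ok" if hash_name in ("sha256", "sha384", "sha512") else "review"
    if now > NO_TRUST_AFTER:
        return "untrusted"
    return "should-not-be-issued" if not_before > NO_ISSUE_AFTER else "replace"

# Constructed sample, not a real certificate: dummy tbsCertificate, SHA-1 AlgorithmIdentifier
SAMPLE = (bytes.fromhex("3081dd3081c8") + bytes(200)
          + bytes.fromhex("300d06092a864886f70d0101050500030100"))
```

The caller supplies the certificate's notBefore time, and the check covers one certificate's own signature only, so each certificate in a chain needs the same inspection.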