At death’s door for years, widely used SHA1 function is now dead

Topic

New Reply

MD5 was hacked years ago. Now, Google has come up with an algorithm that generates two different PDF files with the same SHA1 hash. Still unscathed: S
[See the full post at: At death’s door for years, widely used SHA1 function is now dead]

3 users thanked author for this post.

PhotM, Elly, ch100

Reply | Quote

Replies

From Microsoft: “SHA-1 Collisions Research” (February 23, 2017) – https://blogs.technet.microsoft.com/msrc/2017/02/23/sha-1-collisions-research/

Reply | Quote

There is a security-related aspect of the July 2016 update rollup for Windows 7 (KB3172605) and Windows 8.1 (KB3172614). The security-related aspect relates to Microsoft’s SHA-1 plan phase one at https://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-sha1-certificates.aspx:

“The first phase of our plan is to indicate to users that browse to TLS-secured websites that SHA-1 is less secure than SHA-2. Today, when customers use Microsoft Edge or Internet Explorer 11 to browse to a TLS site that uses a SHA-1 end-entity certificate or issuing intermediate, customers will notice that the browser no longer displays a lock icon. ”

From “An update to our SHA-1 deprecation roadmap” (https://blogs.windows.com/msedgedev/2016/04/29/sha1-deprecation-roadmap/):

“Update as of 7/24/2016:

The above changes to the lock icon for SHA-1 protected sites are now available on all supported versions of Microsoft Edge and Internet Explorer 11. These changes are included in the following updates:

Windows 10: KB3163912
Windows 10 Version 1511: KB3172985
Windows 7 and Server 2008 R2: KB3170106 and KB3172605
Windows 8.1 and Server 2012 R2: KB3170106 and KB3172614”

From the comments:

“For Win7, and Win8.1, you will need to install the latest Internet Explorer Cumulative Update (KB3170106) AND the latest Windows rollup update. The Windows rollups are currently offered as Optional updates on Windows Update:
July 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB3172605)
July 2016 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (KB3172614)”

I verified on Windows 7 x64 that KB3170106 is not sufficient for the phase one behavior; you also need KB3172605 installed. I assume that the same is true for KB3172614 for Windows 8.1.

Note: KB3172605 and KB3172614 are now classified as Recommended (not Optional) updates by Microsoft.

How to test this issue:

1. Find a website that uses a SHA-1 certificate. I tried some “Recent Worst” websites at https://www.ssllabs.com/ssltest/index.html until I found one: mydesktopsms[dot]telenor[dot]dk.

2. Verify at https://shaaaaaaaaaaaaa.com/ that the website from step 1 uses a SHA-1 certificate. If it doesn’t, go back to step 1.

3. Browse the website from step 2 using Internet Explorer 11 or Edge. The desired behavior is that you should not see a lock icon. The undesired behavior is that you do see a lock icon.

P.S. I wonder if Group B folks will get the phase two and phase three updates in the future?

MrBrian (I will register here as soon as I get some email account maintenance done)

2 users thanked author for this post.

ch100, PhotM

Reply | Quote

@ Brian

In mid-2017, both Microsoft Edge and Internet Explorer will block SHA-1 signed TLS certificates.

.
.

Quoting a commenter(from 6 months ago = Aug 2016)) at,
https://blogs.windows.com/msedgedev/2016/04/29/sha1-deprecation-roadmap/#6e0xhQdUxSfvUgQj.97

After applying KB3172605 several websites that use TLS 1.0 and SHA-1 would not display in IE11. These sites run in enterprise mode. Fortunately we only hit 10% of the fleet before catching the issue. We suspended deployment and are now uninstalling KB3172605 from those affected devices until we can find another work-around.

.
.

Quoting from(01 Sep 2016),
https://social.technet.microsoft.com/Forums/windows/en-US/8d8bc662-ccfc-48b5-afb6-796a88fd73e0/kb3172605-and-internal-selfsigned-sha1-sites-on-internet-explorer-11?forum=ieitprocurrentver

Since installing KB3172605 on our client machines, we can’t access the Cisco CM User page for our phone services. The site uses a self-signed SHA-1 certificate.

.
.

Win 7/8.1 admins and users should take note of the above “negative” reactions/consequences.

P S – KB3172605/KB3172614 was the optional July 2016 Convenience Rollup for Win 7/8.1, which when installed will block all insecure SHA1 websites from IE11.

Reply | Quote

1. A newer version of KB3172605 was released in September 2016. I don’t know if the issue was fixed in this newer version.

2. There is no blocking of SHA1 websites yet in Internet Explorer 11 or Edge. That is expected to happen in mid-2017.

3. KB3172605/KB3172614 are now Recommended (not Optional) updates.

MrBrian

Reply | Quote

I’m not sure I’d use the word “unscathed” for SHA-256 just because no non-government entity has published/demonstrated an algorithm shown to cause a collision. These hash algorithms were designed to be too expensive for the public to break but not quite beyond a government to break. It’s all about compute power and cost.

And note that the article claims it still costs “as little as $110,000” to attack SHA1. Not exactly back room hacking level. Still, it’s certainly not government-only-expenditure level either.

“Our work shows that it is now practical to find collisions for SHA1 and that thus it is not secure to use for digital signatures, file integrity, and file identification purposes,” Marc Stevens, the lead researcher, told Ars. “Everyone should migrate to safe standards before real-world attacks happen, not after. Note that attacks can only get better and faster, computational power only becomes cheaper, and attackers have the uncanny ability to be more creative in exploiting vulnerabilities than common expectations.”

So now we sign software we wish others to consider “authentic” with code signing certificates sporting SHA-256 protection (my company has been doing it for 2 years, actually). But it’s just incrementally more expensive – not impossible – to break, so we can expect to go through this again in the future as technology advances.

-Noel

2 users thanked author for this post.

Elly, PhotM

Reply | Quote

It’s been over two years since I have allowed any of my browsers or email clients to use TLS1.0 or SHA1. Or several other insecure cipher sets.

With Chrome and Firefox, these protocols have been blocked by default for about the same length of time.

I would not trust any site which still uses these insecure or obsolete protocols.

-- rc primak

Reply | Quote

From Mozilla Security Blog: “The end of SHA-1 on the Public Web” – https://blog.mozilla.org/security/2017/02/23/the-end-of-sha-1-on-the-public-web/

Reply | Quote