Using old security certificates to protect your business data is like riding a horse-drawn carriage on the freeway: outdated and downright dangerous.
After 25 years of faithful service and warnings of vulnerability, SHA-1 hashing is now fully and practically broken—thanks to a team of researchers who developed a chosen-prefix collision to exploit the hash function.
Experts had been flagging SHA-1 as "officially insecure" as far back as 2010, prompting the U.S. National Institute of Standards and Technology to ban the use of SHA-1 across all federal agencies. But it was not until 2015, when a group of cryptographers demonstrated a new way to break SHA-1, that everyone in the infosec domain was convinced of how low the barrier to attacking SHA-1 had become. Since then, multiple research teams have come forward with their own proofs of concept, such as SHAppening and SHAttered, that have established SHA-1 as insecure.
The above experiments demonstrated that one of the many reasons SHA-1 has become obsolete is that it produces a 20-byte hash which could be reversed or duplicated. After all major browsers fully deprecated SHA-1 in 2017, organizations were forced to replace all external SHA-1 certificates. But the process has not been as thorough for internal SHA-1 certificates. Because of this weakness, companies like Microsoft and Apple also imposed mandatory OS updates to phase out the dangers of SHA-1 vulnerabilities looming over their users.
If your organization uses an internal Public Key Infrastructure that still relies on SHA-1, the risk of cyberattack grows by orders of magnitude. A PKI system’s entire functionality depends on the strength of its cryptographic hash, because it uses hashes to verify digital fingerprints and to confirm the approval of the signing parties.
But if the PKI relies on an insecure hash like SHA-1, attackers who have penetrated your perimeter can forge your digital fingerprints to carry out man-in-the-middle attacks or steal confidential data from right under your nose.
SHA-2 offers the only secure alternative
SHA-2 is an evolution of the SHA-1 function: it offers a more complex hash construction and longer digests. For example, while SHA-1 produces a 160-bit hash, SHA-2 is a family of hashes with a range of output lengths.
Although SHA-2 serves the same basic purpose as SHA-1, an unbreakable cryptographic hash, it is designed to overcome the threats found in SHA-1. By design, SHA-2 is a collision-resistant cryptographic hash with improved security.
Sometimes, trying to understand SHA-2 better leaves you more confused, because different people refer to SHA-2 in different ways. Don’t get caught up in the nuances of these names. Just know that whether you see SHA-256, SHA-256 bit, SHA-224, SHA-384, or SHA-512, they all mean SHA-2 or one of its alternate bit-lengths.
Avoid the dangers by moving from SHA-1 to SHA-2
First, let’s understand what happens if you still haven’t made the transition from using the SHA-1 hash function. Since all major web browser vendors like Apple, Microsoft, Google, and Mozilla have moved their applications to SHA-2 hash functions, these browsers will prevent people from accessing your website if they encounter a public SHA-1 digital certificate.
But you still need to counter the substantial risk from internal SHA-1 connections. To avoid situations like this, you must urgently move your existing internal SHA-1-based PKI to SHA-2. Obviously, this is easier said than done. For starters, depending on your PKI structure (two-tier PKI or single-tree PKI), you will have to choose from multiple SHA-1 to SHA-2 PKI migration models, such as:
- Two PKI trees, one all SHA-1, one all SHA-2
- The entire PKI tree from root to endpoints is all SHA-1
- The entire PKI tree from root to endpoints is all SHA-2
- SHA-1 root, SHA-2 issuing CAs, SHA-2 endpoint certificates
- SHA-1 root, SHA-2 issuing CAs, SHA-1 endpoint certificates
- SHA-1 root, both SHA-1 and SHA-2 issuing CAs, with SHA-1 and SHA-2 endpoint certificates
- SHA-2 root, SHA-1 issuing CAs, SHA-1 endpoint certificates
- SHA-2 root, SHA-2 issuing CAs, SHA-1 endpoint certificates
- SHA-2 root, both SHA-1 and SHA-2 issuing CAs, with SHA-1 and SHA-2 endpoint certificates
NOTE: Venafi can simplify this process substantially, finding and replacing large groups of certificates by attribute. You also have the option of deciding how to set up the PKI, what key size to use, and what hash is best for you.
When you design your plan to migrate to a SHA-2-supported PKI, we recommend setting a well-defined end-of-life for your existing legacy PKI hierarchy and designing a second PKI hierarchy that uses the updated hash algorithms and key lengths. The benefit of this approach is that you can issue new certificates to replace old ones from the beginning while keeping full control over the migration process.
To avoid any hassles in your migration, make sure that all your endpoints support (trust) your new root CA while they are still certified by the old one. Eventually, once the new PKI hierarchy has taken over all your devices and applications, you can initiate the deprecation of the old PKI.
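Before choosing one of the migration models listed above, you need to know which hash signed each certificate in every chain of your internal PKI. The following is an added example, not code from the original post or from Venafi: it reads the signatureAlgorithm OID straight from a certificate's DER encoding and labels a chain in the wording of the model list. It assumes chains are passed as [root, issuing CA(s), endpoint] DER byte strings; the stub certificates at the bottom are constructed DER skeletons for illustration, not valid X.509 certificates.

```python
SIG_ALG_FAMILY = {                      # AlgorithmIdentifier OID -> hash family
    "1.2.840.113549.1.1.5": "SHA-1",    # sha1WithRSAEncryption
    "1.2.840.10045.4.1": "SHA-1",       # ecdsa-with-SHA1
    "1.2.840.113549.1.1.11": "SHA-2",   # sha256WithRSAEncryption
    "1.2.840.113549.1.1.12": "SHA-2",   # sha384WithRSAEncryption
    "1.2.840.10045.4.3.2": "SHA-2",     # ecdsa-with-SHA256
}

def tlv(buf: bytes, pos: int) -> tuple:
    """Read one DER TLV at pos -> (tag, value bytes, offset after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                   # long-form length (real certs use it)
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw: bytes) -> str:
    """Decode OBJECT IDENTIFIER contents to dotted form (base-128 arcs)."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_family(cert_der: bytes) -> str:
    """'SHA-1', 'SHA-2' or 'unknown' for the certificate's outer signatureAlgorithm."""
    _, cert, _ = tlv(cert_der, 0)       # Certificate ::= SEQUENCE {
    _, _, after_tbs = tlv(cert, 0)      #   tbsCertificate (skipped),
    _, alg, _ = tlv(cert, after_tbs)    #   signatureAlgorithm SEQUENCE { OID, params },
    tag, oid, _ = tlv(alg, 0)           #   signatureValue BIT STRING }
    if tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    return SIG_ALG_FAMILY.get(decode_oid(oid), "unknown")

def classify_chain(chain: list) -> str:
    """chain = [root, issuing CA(s)..., endpoint]; wording matches the models above."""
    fams = [signature_family(c) for c in chain]
    return f"{fams[0]} root, {fams[1]} issuing CA, {fams[-1]} endpoint"

# Constructed stand-in certificates: DER skeletons only, NOT valid X.509 certs.
def der(tag: int, value: bytes) -> bytes:
    return bytes([tag, len(value)]) + value      # short-form length suffices here

def stub_cert(sig_oid_hex: str) -> bytes:
    tbs = der(0x30, der(0x02, b"\x01"))          # placeholder tbsCertificate
    alg = der(0x30, der(0x06, bytes.fromhex(sig_oid_hex)) + der(0x05, b""))
    return der(0x30, tbs + alg + der(0x03, b"\x00"))

SHA1_RSA, SHA256_RSA = "2a864886f70d010105", "2a864886f70d01010b"
LEGACY_CHAIN = [stub_cert(SHA1_RSA), stub_cert(SHA1_RSA), stub_cert(SHA1_RSA)]
MIXED_CHAIN = [stub_cert(SHA1_RSA), stub_cert(SHA256_RSA), stub_cert(SHA256_RSA)]
```

On a real certificate, pass the DER file contents (for example the bytes of a `.cer` exported from your issuing CA) to `signature_family`; an "unknown" result means the OID is not in the table and should be looked up before the chain is labelled.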
Cryptographic events like SHA-1 deprecation underline the importance of crypto-agility. To be agile you will need to have a deep understanding of your certificates and hashing functions, and the infrastructure and data they protect. Visibility into your PKI is the foundation of effective lifecycle management. The Venafi Control Plane can help you and your business be crypto agile.