It’s not like we didn’t know SHA-1 was vulnerable. It’s been deprecated for years. But somehow our false sense of security persisted. And we optimistically hoped that it would remain too expensive and time-consuming to crack the hash for a little while longer. Well, it’s time to face reality. SHA-1 is officially broken. Collision attacks have now moved from the realm of the theoretical to the practical. Researchers from Google collaborated with the CWI Institute in Amsterdam to prove that it’s possible to break the SHA-1 hash algorithm.
Collision attacks allow cyber criminals to forge certificates and perform man-in-the-middle attacks on SSL/TLS connections. In a collision attack, an attacker crafts two different inputs that produce the same hash, so a signature or integrity check computed over the harmless input also validates the malicious one. Google researchers noted, “It is now practically possible to craft two colliding PDF files and obtain a SHA-1 digital signature on the first PDF file which can also be abused as a valid signature on the second PDF file.” In other words, a SHA-1 signature produced for one file could be misused as a valid signature for any other colliding file.
How big is the potential impact of a collision attack? The Google blog outlines the most vulnerable areas for SHA-1 attacks. “You’ll find that hashes play a role in browser security, managing code repositories, or even just detecting duplicate files in storage.” According to TechCrunch, systems that could be compromised by collision include, “document signature, HTTPS certificates, version control (git), backup systems, software updates, ISO checksums and more.”
“Google's announcement just confirms what is already known: SHA-1 is simply not secure,” comments Venafi chief security strategist Kevin Bocek. “Attacks against SHA-1 are no longer science fiction. Unfortunately, despite the dangers, many organizations are just not reacting quickly.”
This should all be a bit frightening for any organization that has not yet completely migrated away from SHA-1. In fact, Google researchers warned that the SHA-1 algorithm should no longer be considered secure. The researchers caution SHA-1 laggards to take their findings seriously. “We hope that our practical attack against SHA-1 will finally convince the industry that it is urgent to move to safer alternatives such as SHA-256.”
The reality is that SHA-1 migration has been urgent for a long time. Yet many organizations have had trouble committing to the transition. And repeatedly crying wolf doesn’t seem to have accelerated the transition. In November, Venafi research found that 35 percent of organizations were still using SHA-1 certificates. “These companies might as well put up a welcome sign for hackers that says, ‘We don't care about the security of our applications, data and customers,’” Bocek told SC Magazine.
It’s well past time to put up a “no trespassing” sign for SHA-1 collision attacks. Browsers are already issuing security warnings for websites that still use SHA-1 certificates. And, even if you have convinced yourself that it’s okay to ignore these warnings, your customers and partners may not agree.
Do you have any SHA-1 certificates lurking in some remote part of your network? Now is the time to dig deep and carefully inspect certificates across all of your certificate authorities.
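
One way to start that inspection, as an added example that is not code from Google, CWI or Venafi: a standard-library Python check that reads the outer `signatureAlgorithm` field of an X.509 certificate (PEM or DER) and reports the ones signed with SHA-1. The function names and the sample inputs are assumptions made for the example; the samples are constructed DER skeletons, not real certificates.

```python
import base64
import re

# Signature-algorithm OIDs that rely on SHA-1.
SHA1_SIG_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10040.4.3": "dsa-with-sha1",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
}

def to_der(data):  # accept a PEM or DER certificate, return DER bytes
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", data, re.S)
    return base64.b64decode(m.group(1)) if m else data

def read_tlv(buf, pos):  # return (tag, value_start, value_end) of the element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signature_oid(cert):  # OID of Certificate.signatureAlgorithm
    der = to_der(cert)
    _, body, _ = read_tlv(der, 0)        # outer Certificate SEQUENCE
    _, _, tbs_end = read_tlv(der, body)  # skip over tbsCertificate
    _, alg, _ = read_tlv(der, tbs_end)   # AlgorithmIdentifier SEQUENCE
    tag, start, end = read_tlv(der, alg)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    return decode_oid(der[start:end])

def find_sha1_signed(certs):  # map name -> algorithm for SHA-1 signed certificates
    oids = {name: signature_oid(c) for name, c in certs.items()}
    return {n: SHA1_SIG_OIDS[o] for n, o in oids.items() if o in SHA1_SIG_OIDS}

# Constructed skeletons (empty tbsCertificate, dummy signature); 05 = SHA-1, 0b = SHA-256.
_SKEL = "30143000300d06092a864886f70d0101%s0500030100"
SAMPLE = {"legacy.der": bytes.fromhex(_SKEL % "05"), "modern.der": bytes.fromhex(_SKEL % "0b")}
SAMPLE["legacy.pem"] = (b"-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(SAMPLE["legacy.der"]) + b"\n-----END CERTIFICATE-----\n")
```

To audit real files, pass `find_sha1_signed` a dict of file name to file bytes. It inspects only the certificate's own signature, so each certificate in a chain has to be checked separately.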