How many organizations may have overlooked or delayed the migrations of SHA-1 certificates in internal environments? They are hard to find, hard to track, and harder to monitor and may not have expiration dates that would drive migration.
Everyone who didn’t feel they had to worry too much about replacing those hard-to-find internal SHA-1 certificates will now have to start worrying. Microsoft is in the process of phasing out the use of the Secure Hash Algorithm 1 (SHA-1) code-signing encryption to deliver Windows OS updates. On February 15th, 2018 Microsoft announced that customers running legacy OS versions will be required to have SHA-2 code-signing support installed on their devices by July 2019.
“Due to weaknesses in the SHA-1 algorithm and to align to industry standards, Microsoft will only sign Windows updates using the more secure SHA-2 algorithm exclusively [after July 19],” reads the notice. “Any devices without SHA-2 support will not be offered Windows updates after July 2019.” Starting in early 2019, the migration process to SHA-2 support will occur in stages, and support will be delivered in standalone updates.
What does this mean? Simply, no SHA-2 support, no more updates. This roll out planning affects users of Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2008 SP2, and some older versions of Windows Server Update Services.
For the time being, Windows uses both the SHA-1 and SHA-2 hash algorithms to authenticate its updates and prevent tampering by man-in-the-middle attacks, with newer systems supporting only SHA-2, while the older ones support only SHA-1. SHA-2 upgrades will roll out to the affected products over the course of several months, beginning March 12.
Why has Microsoft come to this decision?
SHA-1 was developed by the National Institute of Standards and Technology (NIST) and by the National Security Agency (NSA). This algorithm generates a 160-bit hash value and was developed for use with DSA (Digital Signature Algorithm) or DSS (Digital Signature Standard). SHA-1 remains a widely used part of code-signing, but its efficacy has declined over time as more and more attacks that break it have popped up. As a result, NIST has officially deprecated SHA-1 in 2011. Microsoft for instance has cited the existence of known collision attacks against SHA-1 as the main reason for advising against its use. Collisions occur when an attacker is able to generate a certificate with the same signature as the original certificate.
This is only the latest step for Microsoft in phasing out SHA-1. It has been actively deprecating the SHA-1 and older hash algorithms like RC4 since at least 2013. Other tech giants, including Facebook, Google and Mozilla, have already done the same. Starting from version 56, which was released in January 2017, Chrome considers any website protected with a SHA-1 certificate as insecure, while Firefox has deprecated SHA-1 as of February 24th, 2017.
According to the team that actually broke SHA-1, any application that relies on SHA-1 for digital signatures, file integrity, or file identification is potentially vulnerable. These include Digital Certificate signatures, Email PGP/GPG signatures, Software vendor signatures, Software updates, ISO checksums, Backup systems, GIT, etc. TLS/SSL certificates are not at risk because any Certification Authority abiding by the CA/Browser Forum regulations is not allowed to issue SHA-1 certificates anymore.
It is high time to update
All technology providers urge their customers to update from SHA-1 to SHA-2. But this may not be so easy as it seems. Older, hardware-based solutions may require upgrading to support these newer technologies. The use of cryptographic security algorithms is meant to instill trust to your customers. If you value your customers and your organization’s reputation, it is high time to invest in your security. With visibility and intelligence from a robust platform for machine identity management, Venafi can help you find and replace internal certificates, even in hard to locate areas of your network.