Yesterday, on October 8, 2015, a team of international cryptography researchers announced a significant improvement in practical attacks against the SHA-1 hash function, which is used in many contexts including the TLS protocol and TLS certificate signatures. SHA-1 became the most commonly used hash algorithm in certificates of all kinds when the industry moved away from the MD5 hash algorithm several years ago.
The risk is that with enough computing power, an attacker can exploit practical attacks against the SHA-1 hash function to craft a fake certificate that in all key respects appears to be signed by a public Certification Authority (it cryptographically chains up to a Certification Authority’s root certificate). These researchers estimate that it would cost between $75K USD and $120K USD to acquire the necessary computing power to launch such an attack – a dollar figure considered very low for many of today’s advanced cyber-criminals. This doesn’t mean that your website is suddenly insecure, but it certainly is a wake-up call.
For the past several years, Symantec has been migrating customers to certificates using the SHA-2 algorithm (which the researchers pointed out is not vulnerable to this type of attack). The vast majority of our customers have already migrated to SHA-2 certificates and are not at risk from this type of attack announced by the researchers.
However, some of Symantec’s largest enterprise customers recently told us that due to the sheer number of certificates to upgrade, they would not be able to complete the transition to SHA-2 before the CA/Browser Forum SHA-1 issuance deadline of January 1, 2016. To assist these customers, Symantec recently proposed a ballot to relax the issuance requirement, moving the issuance deadline back to January 1, 2017. However, in light of this new research detailing that the risk is much higher than previously believed, we plan to withdraw the ballot. We will continue to work with these customers to find alternatives that might work for them.
The researchers urged everyone to migrate to SHA-2 certificates as soon as possible. The current policy of most browsers stipulates that they will completely reject SHA-1 TLS certificates on January 1, 2017. However, in light of these new findings, it’s highly possible that deadline may be accelerated. If you’re still using SHA-1 certificates, you should accelerate your plans to replace them with SHA-2 certificates. All modern browsers, mobile devices and desktop operating systems support SHA-2, so the transition should be straightforward for nearly everyone.
We recommend the following:
- Check to see if your certificate uses SHA-1 with the free Symantec CryptoReport: https://cryptoreport.websecurity.symantec.com
- Login into your account, identify any SHA-1 certificates and replace them with SHA-256. Symantec customers can always replace their certificates for free.
- Install your new certificate on your server and check your installation with CryptoReport.
If you need help, Symantec certificates and Complete Website Security products come with 24/7 technical support included.