SHA-1 Anyone? Let's Hash It Out...


Posted on by Errol Lloyd

The Peer2Peer discussion in SHA-1 Anyone? Let's Hash It Out... centered on the web's transition away from the SHA-1 hashing algorithm, used as a digital signature within digital certificates.

To kick-off the session, I asked if anyone heard the SHA-1 news during the Cryptographers' Panel earlier that day. No one in the room caught it; not surprising because the discussion at this year's Cryptographers' Panel was rich in content. From the start we had our most significant take-away of the Peer2Peer session: a viable approach to forging a SHA-1 signature could be announced soon. So, if you're not finished with your internet SHA-2 migration, then plan to accelerate your efforts.

Reference to SHA-1 in the Cryptographers' Panel at RSA Conference 2016:

Dr. Adi Shamir's statement on SHA-1 during the Cryptographers' Panel indicated that the proverbial other-shoe may drop in the next few months. Dr. Shamir said, "I fully believe that within the next few months we are going to see a real collision in SHA-1 being announced by an academic team located at CWI, headed by Marc Stevens ... [These are the same researchers behind 'The SHAppening: freestart collisions for SHA-1']". The Hashing Algorithms segment of the panel (including SHA-1) starts at 36:19 of the following video: The Cryptographers' Panel at RSA Conference 2016.

Peer2Peer Demographics...

Though attendees from medium to large enterprises held a slim majority, there were delegates from a range of industry sectors, representing at least three continents. We saw a slight improvement in the gender gap, but we have a long way to go. Ladies accounted for about 9 percent of the attendees, compared to 4 percent in 2015.

Peer2Peer Dialogue...

Let's step through some of the main questions we addressed during the session: 

Are you on-pace to move away from SHA-1 by January 1, 2017?

A few enterprise attendees already completed their internet-facing environments; while others were on-pace to complete the transition before 2017.

Is this end-date "too close for comfort," too far away or just right?

No one stated an opinion here. We moved quickly on to the topic of hidden challenges in the non-web browser space; specifically, legacy devices and B2B/app-to-app TLS sessions.

Did you know that some major players are considering an earlier date to end support?

The date July 1, 2016, was news to most people in the room. Most in attendance were likely focused on the daily-grind of migrating to SHA-2.

Here are a few references to the earlier date being considered. 

  • Mozilla Blog: Continuing to Phase Out SHA-1 Certificates: "As we said before, the current plan is to make this change on January 1, 2017.  However, in light of recent attacks on SHA-1, we are also considering the feasibility of having a cut-off date as early as July 1, 2016."
  • Microsoft Blog: Windows Enforcement of Authenticode Code Signing and Timestamping

Note: The link above is for the main / current version of the blog. References to June 2016 were removed in blog revision #34 (25 Mar 2016). The links below refer to the last revision of the blog where the quote was included.

  • Microsoft Blog: Revision #33 Dated: 24 Mar 2016: "December, 2015 update: Microsoft is aware of recent advances in attacks on the SHA-1 algorithm and we are evaluating the impact of moving the dates on our schedule up further to help protect customers. The most significant revision we are considering is to introduce a "speed bump" into the process in June of 2016, which will provide a notice to customers that the website is using a SHA-1 certificate."
  • Microsoft Blog: Revision #12 Dated: 30 Nov 2015: "October, 2015 update: Microsoft is aware of recent advances in attacks on the SHA-1 algorithm and we are evaluating the impact of moving the dates on our schedule up further to help protect customers. The most significant revision we are considering is moving the TLS certificate deprecation up to June 2016." 

Have you started to look beyond SHA-2?

For all in attendance SHA-3 was not a top priority. This response is well within reason, due to the required focus on moving to SHA-2 and minimal support for SHA-3 today.

Why is migrating to SHA-1 so difficult?

A healthy debate was sparked by this question from one delegate: "I don't understand why this migration is so difficult." After explaining some basics of the Transport Layer Security (TLS) protocol, she asked, "Why is migrating to SHA-1 so difficult?” The remainder of the room had an instant reaction; everyone wanted to speak at once. More than a few people answered the question from their perspective. Still not convinced by their explanations, the questions and debate continued.

Do you have funding for this migration?

When I asked how many in the room had a cybersecurity budget line item for this migration, only one person said yes. In fact, another organization was well over spending estimates on their 1024-bit key migration and was not sure how they would fund SHA-1 end-of-life.

By the end of the session, did we identify better approaches to cycle these algorithms through the Cybersecurity ecosystem?

A few shared the tools and vendor products they used to help them through the migration. At that point I ended the session hoping to continue the conversation after Conference week.

Emerging Patterns...

As I prepared the session notes, a few patterns emerged.

There seemed to be a clear knowledge gap between the P2P attendees and people generally responsible for software applications. With the Dev-Sec-Ops movement taking flight and developers becoming the new kingmakers, now is a great time to improve awareness in the community.

It's now clear to me that a limited understanding of digital certificates and TLS may be the largest contributing factor to the slower transition. With more knowledge of TLS, key elements in the IT ecosystem would be built for cleaner security upgrades. For example, improved capability to patch single purpose hardware devices to support SHA-2 or load the new Certificate Authority (CA) certificates required.

The Road Ahead...

Dr. Adi Shamir's statement on SHA-1 was another early warning worth heeding. That was back on March 1, 2016, several months ago, so plan on completing your internet-facing migration to SHA-2 as soon as possible.

The following question was covered briefly during the session and is certainly a candidate for future discussion: How much control do you have over your internal network migration?

Most people in the session need resources allocated for programs such as the SHA-2 migration and certificate education. Will more knowledge of digital certificates lead to better practices and faster transitions in the future?

To the attendee who asked, "Why is migrating to SHA-1 so difficult?” I'd like to ask:

  1. What is different about your organization?
  2. What are the unique traits and experiences that lead to a smoother process?
  3. Is it the type of industry, cultural norms, organizational structure, or technology employed?

Perhaps, the answers to these questions will identify better ways of moving to new algorithms in the future. SHA-3 Mon Amie?

Errol Lloyd returned to RSA Conference 2016 after facilitating highly-rated Peer2Peer sessions in 2014 and 2015. An expert in Digital Certificates, Errol developed a deep understanding of certificate management, Public Key Infrastructure, Certificate Authorities, and Transport Layer Security. He is the Technical Lead of Data Protection Engineering—with more than 16 years’ experience in Cybersecurity—and holds a CISSP security certification. Errol also provides security consulting services and secure transport troubleshooting across global networks, from mobile to mainframe and everything in between. 


Contributors
Errol Lloyd

Principal / Technical Lead, Data Protection Engineering, Fidelity Technology Group

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community

Related Blogs