Lately, SSL has come under fire and users may be under the impression that, perhaps, there is a problem with SSL.
First, there was the announcement of the Heartbleed bug and vulnerabilities related to OpenSSL. Now, there is a lot of buzz about SHA-1 and SHA-2. Different terms are being used, such as: SHA-1 deprecation, end of life SHA-1, phase out, SHA-1 replacement, SHA-1 sunset, SHA2 migration, SHA2 upgrade, transitioning to SHA256.
What are they all referencing? The elimination of SHA-1 cryptography.
SSL technology is one of the most widespread applications of cryptography. While cryptography is an advanced concept, in layman’s terms SSL certificates can be thought of as locks.
Logically, as is the case with real-world locks, even the strongest lock will not offer protection if it hasn’t been installed properly. In the Heartbleed scenario, there wasn’t an issue with SSL encryption, but rather the way it was installed on servers using OpenSSL.
The remediation of Heartbleed-related vulnerabilities has no relation to the need to move away from SHA-1 and associated security vulnerabilities.
As they relate to SHA-1, SSL certificates — or the “locks” in this example — become less secure over time as the means of defeating them become more widely available. To increase the strength of these locks, security components (e.g., SHA) require upgrades.
The SHA family of hashing algorithms was developed by the U.S National Institute of Standards and Technology (NIST) and are used by CAs when digitally signing certificates that are subsequently issued to end-entities.
Secure Hash Algorithm (SHA) is a type of cryptographic hash function that ensures data has not been modified. SHA accomplishes this by computing acryptographic hash value for a given piece of data that is unique to that data.
Different pieces of data yield unique hash values, and any change to a given piece of data will result in a different hash value. As a result, differing hash values are key to determining if data has been altered.
Hash values help ensure the integrity of a given piece of data because they are virtually guaranteed to be unique, infeasible to predict and yet easy to compute.
Simply put, SHA-1 can be exploited by attackers to generate and install a fake certificate — if enough computing resources are applied. Over time, security standards usually become less effective two primary reason. Research finds weaknesses in the standards. And the plummeting cost of computing power makes computationally difficult attacks more practical.
For example, SHA-1's predecessor, MD5, was in use well beyond the point that attacks on it were cheap and easy.
There are no practical attacks on SHA-1 yet, but it's just a matter of years before they appear. Security researchers have discovered an attack strategy that requires only 261 computations. This would make the time required to perform an attack below current standards.
In fact, in 2012 noted security researcher Bruce Schneier reported the calculations of Intel researcher Jesse Walker, who found that the estimated cost of performing a SHA-1 collision attack will be within the range of organized crime by 2018 and for a university project by 2021. Walker's estimate suggested then that a SHA-1 collision would cost $2 million in 2012, $700,000 in 2015, $173,000 in 2018 and $43,000 in 2021.
At this point, we have time to move beyond SHA-1 before problems hit the real world. The next standard, SHA-2, is a series of hash functions with several hash sizes: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256. There is also a SHA-3, but it is a very young standard with no commercial implementations.