Despite months of reminders and warnings, more than one-third of websites will become inaccessible come 2017. There is barely a month left before major browsers start blocking websites using certificates signed with the SHA-1 hash, but 60 million-plus websites still rely on the insecure encryption algorithm, according to the latest estimates from security company Venafi.
Starting Jan. 1, Mozilla's Firefox browser will show an "Untrusted Connection" error for sites using a SHA-1 certificate, and Google's Chrome browser will drop all support for SHA-1 and completely block sites using SHA-1 certificates. Microsoft has said its Edge and Internet Explorer browsers will start blocking the sites outright on Feb. 1, 2017.
These error messages are different from the browser warnings users typically see for incorrectly configured site certificates, which users can ignore and still access the site. In the case of Google, Chrome will display a network error with no way for the user to bypass and still get to the site. Mozilla will allow Firefox users to override the error message if the issuing certificate authority is included in Mozilla's CA Certificate Program.
Users will no longer be able to access these websites after the deadline, significantly disrupting business operations, warned Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. While there has been significant progress with the migration -- Mozilla said last month that the use of SHA-1 on the web since May 2016 has dropped from 3.5 percent to 0.8 percent -- enough websites are still relying on the weak certificates. These organizations are at risk for security breaches, compliance problems, and outages affecting security, availability, and reliability.
The case for the SHA-1 migration
For years, experts have warned of the security weaknesses in SHA-1 that make the hash particularly susceptible to collision attacks. The National Institute of Standards and Technology (NIST) called for dropping support for SHA-1 back in 2006. New collision attacks have significantly lowered the cost of breaking SHA-1 algorithm, raising concerns that it won't be long before there is a serious cryptographic break. As such, the transition deadline for SHA-1 is long overdue.
"Successful attacks on SHA-1 are well within reach of nation states and other sophisticated adversaries, and these allow them to 'mint' trusted SHA-1 certificates," Bocek said. As early as 2012, attackers were able to distribute the Flame malware using forged Microsoft MD5 certificates.
The industry has been moving away from the insecure cryptographic function toward more secure alternatives, but the migration has been both challenging and time-consuming. The average organization has more than 23,000 keys and certificates, and most typically have poor visibility over how these certificates are being used within their environment. They struggle to get started because they have to first identify all the SHA-1 certificates that need to be replaced. This isn't as simple as getting new certificates from the certificate authority and slotting them in place. It's a multistep process of identifying all the certificates that need to be changed, deploying and testing the new certificates, revoking old certificates, and setting up controls to manage the new certificates.
For many organizations, the process of migrating away from SHA-1 to SHA256 or other safer cryptographic functions is like an unpleasant visit to the dentist, Bocek said.
The coming changes in browsers
Major web browsers have been warning of the impending changes for months. Chrome and Firefox currently display a certificate error warning for sites using SHA-1 certificates issued on or after Jan. 1, 2016. Edge and Internet Explorer have already stopped displaying the address bar lock icon, which indicates the site is secured and trusted, for sites using SHA-1.
Chrome 56, scheduled to be released at the end of January, will be the first version of the browser with support for SHA-1 certificates removed completely. However, the browser will distinguish between certificates chained to a public certificate authority and those chained to local CAs until 2019 to support enterprises who want to continue using SHA-1 certificates for internal applications. Starting with Chrome 54, site administrators will have to deploy the EnableSha1ForLocalAnchors policy to allow certificates chained to local trust anchors. This policy must be set, or SHA-1 certificates chained to locally installed CAs will also started being blocked by Chrome 57, expected in March 2017.
Google may choose to remove support for locally signed SHA-1 certificates before 2019 in the event of a serious cryptographic break. Enterprises should be using this two-year reprieve to migrate those internal certificates off SHA-1.
Firefox 51, currently in Developer Edition and expected to be released in January, would display the Untrusted Connection message starting January, but users will be able to override the warning for the time being. Support for SHA-1 certificates from publicly trusted CAs will be completely disabled "in early 2017," Mozilla said. SHA-1 certificates that chain up to a manually imported root certificate, as specified by the user, will continue to be supported, but Mozilla encouraged enterprises to migrate those certificates as soon as possible.
Don't wait until things are broken
Online trust relies on all the players working together, and digital certificates are a key component of the trust equation. If the organization relies on weak certificates, they are undermining the trust model. Certificate authorities were supposed to stop issuing SHA-1 certificates after Jan. 1, 2016, for example. If the CA is still issuing SHA-1 certificates, then organizations should change CAs.
Cryptographic projects are hard and the price for making a mistake during deployment can be high, so many businesses have stuck their heads in the sand instead of dealing with the migration to SHA-2. However, the deadline isn't going away, and the organizations will see actual business impact for delaying the process. Many organizations will be operating with smaller IT staff as employees take time off before the end of the year, making the process even more challenging. Even so, it will be far better to work on the bulk of the migration in the time left, rather than try to fix the problems after things start breaking in January.
"Leaving SHA-1 certificates in place is like putting up a welcome sign for hackers that says, 'We don't care about the security of our applications, data, and customers,'" Bocek said.