Google will start gradually sunsetting SHA-1

Google has announced that it will begin the process of gradually sunsetting SHA-1 (as used in certificate signatures for HTTPS) with Chrome 39, which is due to be released in November.

“The SHA-1 cryptographic hash algorithm has been known to be considerably weaker than it was designed to be since at least 2005 — 9 years ago. Collision attacks against SHA-1 are too affordable for us to consider it safe for the public web PKI. We can only expect that attacks will get cheaper,” Google’s Chris Palmer, “Secure Socket Lover” and Ryan Sleevi, “Transport Layer Securer” explained the rationale behind the decision on Friday.

With this commitment, Google is following in the footsteps of Microsoft and Mozilla. Nearly a year ago, the former announced that Windows will stop accepting SHA-1 certificates in SSL by 2017, and this month Mozilla noted the same and removed some 1024-bit root certificates from its trust list.

The companies took into considerations the predictions made by the National Institute of Standards and Technology (NIST) that say that digital signature algorithms using 1024-bit keys will either be broken or be in serious danger of being broken by 2017 or 2018.

This is also why last year Google upgraded its SSL certificates to 2048-bit keys.

“We need to ensure that by the time an attack against SHA-1 is demonstrated publicly, the web has already moved away from it. Unfortunately, this can be quite challenging,” Palmer and Sleevi pointed out. “For example, when Chrome disabled MD5, a number of enterprises, schools, and small businesses were affected when their proxy software — from leading vendors — continued to use the insecure algorithms, and were left scrambling for updates. Users who used personal firewall software were also affected.”

In order to attempt to prevent such an occurrence from happening again, Google has announced that upcoming Chrome iterations will gradually start treating SSL certificates that include a SHA-1-based signature as part of the certificate chain and that expire on or after 1 January 2017 as “secure, but with minor errors,” “neutral, lacking security,” and ultimately, with Chrome 41 in Q1 2015, as “affirmatively insecure.”

Share this