IT Focus Area: security
October 9, 2015
Why the SHA-1 Hashing Algorithm Has Got to Go
Cryptography is the science of secret communication. Its fundamental objective is to enable communications over an insecure channel in such a way that a potential adversary cannot understand what is being conveyed.
There are three types of algorithms in cryptography: secret key, public key, and hash functions. Hash functions—also called message digests—are primarily used for message integrity. They don’t have keys; instead, they convert a message of any length into a fixed-size string of letters and numbers, from which the original message cannot be recovered.
Hash values provide a digital fingerprint of a message's contents, which ensures that the message hasn’t been altered. Even a one-character change in a very long message will result in a different hash. It’s like putting on a tamper-proof seal.
The Secure Hash Algorithm (SHA) is one of the most well-known hash functions in use, and currently consists of SHA-1, SHA-2 and SHA-3. SHA-1 is one of the Internet’s most prolific algorithms, underlying almost 30 percent of digital certificates today. It produces a 160-bit hash value that’s usually rendered as a 40-character hexadecimal string. The majority of websites that use SSL encryption rely on SHA-1 to prevent attackers from impersonating them, so that when you type in https://linkedin.com, for instance, you’re actually going to LinkedIn and not giving your password to a hacker.
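To make the "digital fingerprint" idea concrete, here is an added example (not code from the original article) that hashes a constructed sample message with SHA-1, SHA-256 and SHA3-256 using Python's standard hashlib module, shows the 40- and 64-character hex outputs, counts how many bits flip when a single character changes, and verifies a message against a known digest the way a download or signature check would. The message text and the function names are assumptions made for this example.

```python
import hashlib
import hmac


def digest(message: bytes, algorithm: str = "sha256") -> str:
    """Hex digest of message under the named hashlib algorithm (sha1, sha256, sha3_256, ...)."""
    return hashlib.new(algorithm, message).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Number of bit positions in which two equal-length hex digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def verify_integrity(message: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Recompute the digest and compare it to the expected one in constant time."""
    return hmac.compare_digest(digest(message, algorithm), expected_hex)


if __name__ == "__main__":
    # Constructed sample messages: the second differs from the first by one character.
    original = b"Transfer 100 dollars to account 12345"
    tampered = b"Transfer 900 dollars to account 12345"
    for alg, bits in (("sha1", 160), ("sha256", 256), ("sha3_256", 256)):
        h1, h2 = digest(original, alg), digest(tampered, alg)
        print(f"{alg:9s} {bits:3d}-bit -> {len(h1)} hex chars: {h1}")
        print(f"{'':9s} one-character change flips {differing_bits(h1, h2)} of {bits} bits")
    # The "tamper-proof seal": the stored digest only matches the unmodified message.
    seal = digest(original)
    print("seal intact:", verify_integrity(original, seal))
    print("seal broken:", verify_integrity(tampered, seal))
```

Roughly half of the output bits change for a one-character edit regardless of the algorithm; the difference between SHA-1 and its successors is not in this avalanche behaviour but in how hard it is to find two inputs that produce the same digest.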
So what’s the problem with SHA-1?
In a word, it’s weak.
Like human fingerprints, hashes are only valuable when they’re unique. If two different message inputs produce the same hash, an attacker who can engineer such a “collision attack” can generate fake certificates that are then used to compromise online transactions, downloads and communications. SHA-1 has essentially been considered “broken” since 2005, when analysts discovered it could be cracked 2,000 times faster than predicted. The National Institute of Standards and Technology (NIST) required many applications in federal agencies to move to SHA-2 after 2010 because of the SHA-1 weakness.
All of the major browsers will stop accepting SHA-1 SSL certificates by 2017, but according to new research, that’s not going to be fast enough. A group of researchers from the Netherlands, France and Singapore has released a paper that argues real-world attacks could compromise the algorithm within the next few months—well before the cut-off date. Their estimate was based on the ability to carry out a successful collision attack on the SHA-1 compression function.
What can organizations do to protect themselves?
There’s little time to waste; from an IT planning and management perspective, January 2017 is right around the corner. While it may seem like a huge undertaking, if you’re using SHA-1 you should transition to a more secure hashing algorithm for your digital certificates as soon as possible. Within the SHA family you can migrate to SHA-2—pairing it with a certificate key of at least the recommended minimum of 2,048 bits—or SHA-3. SHA-2 is structurally similar to SHA-1, so it could potentially be attacked using the same techniques.
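The first step of the transition is finding out which certificates are still signed with SHA-1. The following added example (not code from the original article) reads the signatureAlgorithm field that every X.509 certificate carries after its tbsCertificate body and flags SHA-1-based algorithms, using only Python's standard library and a minimal DER reader. Because a real certificate cannot be embedded here, the block also builds a constructed stand-in with the same outer structure (dummy body and signature, real algorithm identifier) so it runs offline; the OID table lists the well-known PKCS#1, DSA and ECDSA signature-algorithm identifiers, and the function names are assumptions made for this example.

```python
import ssl  # standard library; used only to convert a real PEM certificate to DER

# Well-known X.509 signature-algorithm OIDs (PKCS#1, RFC 3279 and RFC 5758 values).
SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.10040.4.3": "dsa-with-sha1",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
}


def _read_tlv(data: bytes, pos: int):
    """Parse one DER tag-length-value at pos; return (tag, value, position after it)."""
    tag = data[pos]
    length = data[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + length], pos + length


def _decode_oid(value: bytes) -> str:
    """Decode OBJECT IDENTIFIER contents (base-128 arcs) into dotted form."""
    arcs, cur = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:                    # high bit clear ends the current arc
            arcs.append(cur)
            cur = 0
    return ".".join(map(str, arcs))


def signature_algorithm(cert_der: bytes) -> str:
    """Dotted OID from the outer signatureAlgorithm field of a DER-encoded certificate."""
    tag, cert_body, _ = _read_tlv(cert_der, 0)     # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = _read_tlv(cert_body, 0)             # skip tbsCertificate
    _, alg_body, _ = _read_tlv(cert_body, pos)      # AlgorithmIdentifier ::= SEQUENCE
    tag, oid_bytes, _ = _read_tlv(alg_body, 0)      # its first element is the OID
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    return _decode_oid(oid_bytes)


def needs_migration(cert_der: bytes) -> bool:
    """True when the certificate was signed with a SHA-1-based algorithm."""
    name = SIGNATURE_OIDS.get(signature_algorithm(cert_der), "unknown")
    return "sha1" in name.lower()


def signature_algorithm_pem(pem: str) -> str:
    """Same check for a PEM-encoded certificate string (e.g. the contents of cert.pem)."""
    return signature_algorithm(ssl.PEM_cert_to_DER_cert(pem))


# --- constructed stand-in so the example runs without a real certificate ---
def _der(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV with short- or long-form length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def _encode_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return _der(0x06, bytes(out))


def toy_certificate(sig_oid: str) -> bytes:
    """Constructed certificate shell: dummy tbsCertificate, real AlgorithmIdentifier,
    dummy BIT STRING signature. Not a valid certificate; structure only."""
    tbs = _der(0x30, _der(0x02, b"\x01"))
    alg = _der(0x30, _encode_oid(sig_oid) + _der(0x05, b""))   # OID + NULL parameters
    sig = _der(0x03, b"\x00" * 17)
    return _der(0x30, tbs + alg + sig)


if __name__ == "__main__":
    inventory = {"legacy-web": "1.2.840.113549.1.1.5", "new-web": "1.2.840.113549.1.1.11"}
    for name, oid in inventory.items():
        der = toy_certificate(oid)
        print(f"{name:10s} {SIGNATURE_OIDS[signature_algorithm(der)]:26s} "
              f"migrate: {needs_migration(der)}")
```

The field read here is the one the issuing CA applied and the one the browser deprecation policy is about; intermediate CA certificates in the chain need the same check, since a SHA-256 leaf under a SHA-1 intermediate still fails once the cut-off arrives.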