Nytro
Posted November 12, 2013

Security Advisory 2880823: Recommendation to discontinue use of SHA-1
swiat, 12 Nov 2013 10:00 AM

Microsoft is recommending that customers and CA’s stop using SHA-1 for cryptographic applications, including use in SSL/TLS and code signing. Microsoft Security Advisory 2880823 has been released along with the policy announcement that Microsoft will stop recognizing the validity of SHA-1 based certificates after 2016.

Background

Secure Hashing Algorithm 1 (SHA-1) is a message digest algorithm published in 1995 as part of NIST’s Secure Hash Standard. A hashing algorithm is considered secure only if it produces unique output for any given input and that output cannot be reversed (the function only works one-way). Since 2005 there have been known collision attacks (where multiple inputs can produce the same output), meaning that SHA-1 no longer meets the security standards for producing a cryptographically secure message digest.

For attacks against hashing algorithms, we have seen a pattern of attacks leading up to major real-world impacts:

Short history of MD5 Attacks
Source: Marc Stevens, Cryptanalysis of MD5 and SHA-1

1992: MD5 published
1993: Pseudo-collision attack
2004: Identical-prefix collision found in 2^40 calls
2006: Chosen-prefix collision found in 2^49 calls
2009: Identical-prefix and chosen-prefix optimized to 2^16 and 2^39 calls respectively, Rogue CA practical attacks implemented

It appears that SHA-1 is on a similar trajectory:

1995: SHA-1 published
2005: SHA-1 collision attack published in 2^69 calls
2005: NIST recommendation for movement away from SHA-1
2012: Identical-prefix collision 2^61 calls presented
2012: Chosen-prefix collision 2^77.1 calls presented

Current Issues

Microsoft is actively monitoring the situation and has released a policy for deprecating SHA-1 by 2016.
Microsoft Recommendations

Microsoft recommends that Certificate Authorities (CA’s) stop using SHA-1 for digital signatures and that consumers request SHA-2 certificates from CA’s.

Microsoft Policy

Microsoft has publicized a new policy that calls for users and CA’s to stop using SHA1-based certificates by 2016.

- William Peteroy, MSRC

I would like to thank the Microsoft PKI team as well as Ali Rahbar of the MSRC Engineering team for their hard work and input.

Source: Security Advisory 2880823: Recommendation to discontinue use of SHA-1 - Security Research & Defense - Site Home - TechNet Blogs
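
An added example, not part of the original post or of Microsoft's advisory: one way to find certificates affected by this recommendation is to read the signatureAlgorithm OID from each DER-encoded certificate and flag the SHA-1 based ones. The function names and the skeleton certificates used as test data are assumptions constructed for illustration.

```python
# DER content bytes of signature-algorithm OIDs that hash with SHA-1.
SHA1_SIGNATURE_OIDS = {
    bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",  # 1.2.840.113549.1.1.5
    bytes.fromhex("2a8648ce3d0401"): "ecdsa-with-SHA1",            # 1.2.840.10045.4.1
    bytes.fromhex("2a8648ce380403"): "dsa-with-sha1",              # 1.2.840.10040.4.3
}

def read_tlv(buf, off):
    """Return (tag, content_start, content_end) of the DER element at off."""
    tag, first = buf[off], buf[off + 1]
    off += 2
    length = first
    if first & 0x80:                       # long-form length: next n bytes
        n = first & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length encoding")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, off, off + length

def signature_oid(cert_der):
    """OID bytes of Certificate.signatureAlgorithm (second field of the outer SEQUENCE)."""
    tag, start, _ = read_tlv(cert_der, 0)                         # Certificate
    _, _, tbs_end = read_tlv(cert_der, start)                     # skip tbsCertificate
    alg_tag, alg_start, _ = read_tlv(cert_der, tbs_end)           # AlgorithmIdentifier
    oid_tag, oid_start, oid_end = read_tlv(cert_der, alg_start)   # algorithm OID
    if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("not an X.509 certificate structure")
    return cert_der[oid_start:oid_end]

def sha1_signature_name(cert_der):
    """Name of the SHA-1 based signature algorithm, or None if the cert uses another one."""
    return SHA1_SIGNATURE_OIDS.get(signature_oid(cert_der))

def der(tag, content):
    """Encode one DER element; used only to build the constructed test data."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

def skeleton_cert(oid_hex):
    """Constructed stand-in for a certificate: placeholder body, real algorithm OID."""
    tbs = der(0x30, b"\x00" * 200)                                # placeholder tbsCertificate
    alg = der(0x30, der(0x06, bytes.fromhex(oid_hex)) + der(0x05, b""))
    sig = der(0x03, b"\x00" * 17)                                 # placeholder signature bits
    return der(0x30, tbs + alg + sig)
```

Real input would be the DER bytes of each certificate in a store or chain; PEM files need their base64 body decoded first.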