25

I noticed today, after I scanned a site on the Qualys SSL Labs site, that SSL ciphersuites which use SHA1 are now highlighted as being "Weak". It seems this has just happened; I scan sites pretty regularly and haven't seen this before.

We have all known for some time that SHA1 has some weaknesses. Does this change reflect some new problems with SHA1? Has something officially changed in the industry to now have SHA1-based ciphersuites considered "weak"? Or is this just something the Qualys site is choosing to do now?

D.W.
user53029
  • 2
    Note that using a SHA-1 based certificate for your site doesn't make it any less secure. The problem is browsers accepting those certificates and CAs creating them. – CodesInChaos Sep 16 '14 at 17:20
  • 1
    "As importantly, the security community needs to make changing certificates a lot less painful, because security upgrades to the web shouldn't have to feel like an emergency." - Ease of use is like an afterthought in a lot of security solutions, so itt this is deserved criticism. "Everyone! I have the perfect airtight security model!" said the old man. "Ok that sounds good. How do I incorporate it into our pre-existing solution?" said the young dev. "Good luck!" said the old man. – Andrew Hoffman Sep 16 '14 at 20:16
  • Completely agree. The conventional wisdom is that ease of use has an inverse relationship with security, and to a certain extent this is true. OK, it's completely true. However, if you make your site right, the slope doesn't have to be steep. In other words, *much* more security doesn't necessarily have to mean *much* less ease of use. – trysis Sep 17 '14 at 00:18
  • For the server owner, SHA-1 isn't insecure as @CodesInChaos said, but SHA-1 certificates can be faked with some effort. – user10008 Sep 17 '14 at 00:35

3 Answers

22

Nothing has changed in the industry. Qualys is now just highlighting what we already know.

It is to give you a reminder that you should move away from SHA-1. It's not generally considered a critical problem yet, but should be sorted as part of normal refresh/update cycles.

Rory Alsop
17

It is because Google is going to start marking certificates that use SHA-1 as insecure from 2017.

Some more info: "Why Google is hurrying the web to kill SHA-1"

HocusPocus
  • This answer effectively says "X is, because Y does Z because X". The answer to "why does Entity X say Y is Z?" can't be simply "Entity A is Act B because C", where C = Z (Qualys are saying SHA-1 based certs are weak because Google is going to warn about them because they are weak). The answer would be C' = Z' where those are the reason entities A and X are stating C and Z, respectively. – user Sep 17 '14 at 19:44
  • 11
    @MichaelKjörling Your comment is `X + Z * C` times harder to decipher than this answer... – Chris Cirefice Sep 18 '14 at 05:44
  • Extended discussion about the Google move in Security Now ep. 473 https://www.grc.com/securitynow.htm –  Nov 15 '14 at 12:19
16

Qualys' forums have your answer: https://community.qualys.com/blogs/securitylabs/2014/09/09/sha1-deprecation-what-you-need-to-know

They started to flag SHA-1 7 days ago.

schroeder
  • SHA-2 has some dents in the armor, but I guess few people are ready for SHA-3 yet. – hobbs Sep 17 '14 at 02:01
  • 1
    @hobbs does it? [WP says](http://en.wikipedia.org/wiki/SHA-3) "SHA-3 is not meant to replace SHA-2, as no significant attack on SHA-2 has been demonstrated. Because of the successful attacks on MD5 and SHA-0 and theoretical attacks on SHA-1, NIST perceived a need for an alternative, dissimilar cryptographic hash, which became SHA-3." Is that out-of-date? – Nick T Feb 08 '15 at 14:18
  • 1
    @NickT nah, that's about right. We're still pretty far from a *practical* attack on SHA-2, just some inroads made on reduced-round variants. – hobbs Feb 09 '15 at 20:24