Almost a million websites are still using SHA-1 (secure hash algorithm 1) certificates to encrypt web traffic.
Despite being regarded as weak or insecure by Google Chrome, one of the most commonly used browsers, more than 120,000 of the SHA-1 certificates currently in use on the web were issued during 2015, with 3,900 of these having expiry dates beyond the start of 2017, internet services company Netcraft has found.
According to Netcraft, an SHA-1 collision could be found within 49 to 78 days, which would enable a hacker to create a Trojan website using a fake certificate that web browsers would accept as trusted.
The hacker would need to run the attack on a 512-GPU cluster, but the equivalent processing time on Amazon’s EC2 would cost only $75k-$120k, Netcraft warned.
The researchers said that such an imminent threat suggests the migration from SHA-1 by 2017, as recommended by the security industry, is too slow.
Through an SHA-1 collision, Netcraft said a well-funded attacker could impersonate an SSL site that uses a publicly trusted SHA-1 certificate.
In September 2014, Google said it would start warning users that sites using SHA-1 were no longer trusted. In a statement on its website, Google wrote: “We need to ensure that by the time an attack against SHA-1 is demonstrated publicly, the web has already moved away from it.
“Unfortunately, this can be quite challenging. For example, when Chrome disabled MD5, a number of enterprises, schools and small businesses were affected when their proxy software — from leading suppliers — continued to use the insecure algorithms, and were left scrambling for updates. Users who utilised personal firewall software were also affected.”
However, Symantec, supported by Entrust and Trend Micro, is asking the CA/B Forum, which oversees SSL security on the web, to allow SHA-1 certificates to carry on being issued through 2016, although these new certificates would remain valid only during 2016.
Given that browsers still accept SHA-1 certificates, Netcraft claimed that SSL sites remain at risk even after migrating to SHA-2, since an attacker who compromised an intermediate CA certificate signed with SHA-1 could then generate valid certificates for arbitrary websites.
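A site operator can check for the situation described above, a SHA-2 leaf that still chains through a SHA-1-signed intermediate, by reading the signature algorithm of every certificate in the chain. The following is an added example, not code from Netcraft or from this article; the function names are hypothetical and the sample chain is constructed, certificate-shaped DER rather than real certificates.

```python
# Added example: flag SHA-1-signed certificates in a chain (stdlib only).
WEAK = {  # signatureAlgorithm OIDs that use SHA-1
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10040.4.3": "dsa-with-sha1",
}

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Decode OID content bytes (base-128 arcs) to dotted notation."""
    arcs, value = [], 0
    for b in raw:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def signature_oid(cert_der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }"""
    tag, body, _ = read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = read_tlv(body, 0)        # skip tbsCertificate
    _, alg, _ = read_tlv(body, pos)      # AlgorithmIdentifier
    tag, oid, _ = read_tlv(alg, 0)
    if tag != 0x06:
        raise ValueError("expected OID")
    return decode_oid(oid)

def audit_chain(chain):
    """chain: (label, DER bytes) pairs, leaf first. Returns the SHA-1-signed ones."""
    return [(label, WEAK[oid]) for label, der in chain
            if (oid := signature_oid(der)) in WEAK]

def skeleton(alg_hex):
    """Constructed sample: certificate-shaped DER with a dummy 200-byte tbsCertificate."""
    inner = bytes.fromhex("3081c8") + bytes(200) + bytes.fromhex(alg_hex) + b"\x03\x01\x00"
    return b"\x30\x81" + bytes([len(inner)]) + inner

SHA256_RSA, SHA1_RSA = "300d06092a864886f70d01010b0500", "300d06092a864886f70d0101050500"
# Leaf already migrated to SHA-2, intermediate still SHA-1 signed (constructed data).
SAMPLE_CHAIN = [("leaf", skeleton(SHA256_RSA)), ("intermediate CA", skeleton(SHA1_RSA))]
```

For real certificates, convert each PEM block to DER with `ssl.PEM_cert_to_DER_cert` before passing it to `audit_chain`.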
The OpenSSL Heartbleed bug, discovered in April 2014, resulted in around half a million certificates being potentially compromised, requiring urgent re-issue and revocation, which led to a boost in SHA-2 take-up.