Tag: National Institute of Standards and Technology (NIST)

Google kills SHA-1 with successful collision attack

It's official: The SHA-1 cryptographic algorithm has been "SHAttered." Google successfully broke SHA-1. Now what?

After years of warning that advances in modern computing meant a successful collision attack against SHA-1 was imminent, a team of researchers from Google and Centrum Wiskunde & Informatica (CWI) in the Netherlands has developed the first successful SHA-1 collision.
In practical terms, SHA-1 should not be relied upon for practical security.

Modern cryptographic hash functions depend on the fact that the algorithm generates a different cryptographic hash for every file.

A hash collision refers to having two separate files with the same hash.

The fact that cryptographic weaknesses in SHA-1 make certificates using the SHA-1 algorithm potentially vulnerable to collision attacks is well-known.

The National Institute of Standards and Technology deprecated SHA-1 more than five years ago, and experts have been long urging organizations to switch to stronger hash algorithms. Up until now, the only thing going for SHA-1 was the fact that collision attacks were still expensive and theoretical.

Credential-stuffers enjoy up to 2% attack success rate – report

It's kinda easy when all the passwords are 1234567

Hackers achieve a success rate of 0.1 to 2 per cent when reusing stolen credentials to access other sites, according to a new study by Shape Security. More than three billion credentials were reported stolen worldwide in 2016, with 51 companies admitting a breach.

These stolen credentials are routinely abused by cybercriminals in attempts to hijack accounts on other sites, a tactic that only works because consumers often reuse the same password and login ID combination on multiple sites. A major retailer (which later became a Shape customer) experienced a large-scale credential-stuffing attack with more than 10,000 total login attempts over one day, using the most popular credential-stuffing attack tool, Sentry MBA. "Shape has identified millions of instances of credentials from reported breaches being used in credential-stuffing attacks on other websites, with up to a 2 per cent success rate in taking over accounts on systems that did not report public data breaches," the firm said. "As a result, automated fraud losses from credential stuffing is in the billions of dollars worldwide, based on the value of accounts taken over.

The most commonly targeted account systems include bank accounts, retail gift card accounts, and airline and hotel loyalty programmes." Yahoo!, which reported two separate spills in 2016, leaked the greatest number of login credentials, followed by FriendFinder, MySpace, Badoo and LinkedIn.

Tech companies spilled the most credentials (1.75 billion) but the gaming industry was the sector that witnessed the largest number of breaches. In response to the abuse of compromised user credentials, the National Institute of Standards and Technology last month recommended that online account systems check their users' passwords against known spilled credential lists, a practice already followed by companies such as Facebook and others.

The proposed checks are included in Draft NIST Special Publication 800-63B Digital Identity Guidelines.
If the password chosen by a user appears on the spilled credential lists, NIST recommends that the user be informed that they should choose another since their chosen phrase has been compromised.

The war for cybersecurity talent hits the Hill

Many analysts and business leaders believe there is a severe need for qualified cybersecurity professionals in the U.S., something that has caught the eye of at least one key congressman. U.S. House Homeland Security Committee Chairman Michael McCaul (R-Texas) on Wednesday said more needs to be done to address the cybersecurity labor shortage. “I agree 110 percent that we need to strengthen the workforce” of cybersecurity professionals, McCaul said during a meeting with reporters at the National Press Club. McCaul was referring not only to cybersecurity workers needed for U.S. government agencies, but also for U.S. businesses that control the nation’s critical infrastructure, including the electric grid and electronic healthcare records. “Eighty percent of the malicious codes are in the private sector,” he said. The need to fill cybersecurity jobs has been top of mind recently because of cyber exploits like the two massive Yahoo breaches announced late last year.

Also, intelligence community revelations that Russia tried to influence the U.S. elections with various cyber-exploits have galvanized some U.S. lawmakers, including McCaul. Several experts have estimated the workforce shortage of cybersecurity workers in the U.S.—across multiple job titles—currently at 300,000 or more.

The most recently available analysis, from the U.S. Bureau of Labor Statistics, said the shortage of such workers in 2015 reached 209,000.

Globally, the shortfall of cybersecurity professionals is expected to reach 1.5 million by 2020, according to data published by the National Institute of Standards and Technology. Despite such dire projections, there is at least one contrary point of view.

A DHS official said in a blog post in November that the cybersecurity skills shortage is a myth. For his part, McCaul plans to push for a cybersecurity agency within the Department of Homeland Security, partly to provide cyber assistance for national elections that are under state management. “DHS needs focus and resources,” he said. To fill cybersecurity job openings, U.S. companies have developed a number of strategies over recent years. Major corporations such as AT&T have established in-house re-training of IT workers to become cybersecurity professionals.

Also, AT&T has set up a rotational program so that a recent graduate can rotate through various departments at the company to become a well-rounded security expert. “The labor shortage is a huge problem. Nobody can get enough resources,” said Jason Porter, vice president of security solutions at AT&T, in an interview. “We’re excited to see a bunch of colleges have launched new programs around cybersecurity, so we’ll see more cyber talent.

But companies are still way behind. Right now, cybersecurity is paramount. We are actively retraining our own employee base.” Over the entire company, AT&T currently has more than 2,000 cybersecurity professionals, he said.

The company operates eight security operations centers globally and offers cybersecurity services to thousands of companies. While AT&T and other major companies are trying to adjust, the security challenges are greatest for small and mid-sized companies, analysts said. “Small and mid-sized businesses are suffering the most,” said IDC analyst Sean Pike. “They don’t have the money to pay for talent and not even for managed services.

They are sometimes hiring inexperienced talent, like a security generalist, who will move into a specialty in a year or two.
It’s really difficult to attract and retain the specialists.” Pike said he’s heard of security specialists moving into managerial roles in corporations who can make $250,000. One such manager moved into the vice president level and made $750,000, he said. With salaries at such high levels, smaller companies often have to resort to taking out an incident response retainer with a service provider for a year to protect against exploits. Analysts said it isn’t necessarily that there aren’t cybersecurity candidates available to fill positions, but there might be a lack of candidates to fill the positions that are open at the time. Gartner in a recent report said that there is a “war for cyber talent as organizations seek qualified candidates in an environment where demand outweighs supply.” Gartner noted that the Bureau of Labor Statistics expects the demand for cybersecurity professionals to increase by 53 percent through 2018. Gartner also said security budgets in U.S. companies are not increasing enough to keep up with salaries for cybersecurity professionals that have “skyrocketed.” The cybersecurity labor gap is already causing “major vulnerabilities,” said Gartner analyst Avivah Litan, in an email. “Many organizations are turning to outsourced and managed security services to fill their cybersecurity skill gap, but those managed services firms are facing their own recruitment challenges since there just aren’t that many skilled cybersecurity professionals to fill the gaps.” This story, "The war for cybersecurity talent hits the Hill" was originally published by Computerworld.

Buggy Domain Validation Forces GoDaddy to Revoke Certs

GoDaddy has revoked, and begun the process of re-issuing, new SSL certificates for more than 6,000 customers after a bug was discovered in the registrar’s domain validation process. The bug was introduced July 29 and impacted fewer than two percent of the certificates GoDaddy issued from that date through yesterday, said vice president and general manager of security products Wayne Thayer. “GoDaddy inadvertently introduced the bug during a routine code change intended to improve our certificate issuance process,” Thayer said in a statement. “The bug caused the domain validation process to fail in certain circumstances.” Part of the validation process involves the registrar emailing customers a validation code that the customer drops onto their site. Thayer explained that the system searches a particular spot for the code in order to complete validation. “When the bug was introduced, certain web server configurations caused the system to provide a positive result to the search, even if the code was not found,” Thayer explained, adding that GoDaddy was not aware of any compromises related to the bug. The issue did expose sites running SSL certs from GoDaddy to spoofing where a hacker could gain access to certificates and pose as a legitimate site in order to spread malware or steal personal information such as banking credentials. GoDaddy has already submitted new certificate requests for affected customers. Customers will need to take action and log in to their accounts and initiate the certificate process in the SSL Panel, Thayer said. “This process will be identical to the process they followed when their previous certificates were issued. (If a customer has more than one revoked certificate associated with their customer account, they will be able to initiate the certificate process for each domain within the SSL Panel.),” Thayer said.
“The SSL Panel provides helpful information and instructions that should allow customers to easily process the certificate online.” Affected websites will still resolve, GoDaddy said, but customers may see untrusted-site error warnings. Experts, meanwhile, caution that as more Certificate Authorities come online, such as Let’s Encrypt, which provides free certs in an automated fashion, more errors like this one could crop up. “I only see more of them happening,” said Kevin Bocek, vice president of security strategy at Venafi. “We’re seeing faster and faster certification validation with organizations like Let’s Encrypt turning up the competition [among CAs]. And things like DevOps driving faster certificate issuance. And with organizations moving to the cloud, you’re going to have more machines doing these types of requests for new certificates. “It’s all software,” Bocek said. “It could all have bugs. In the past year, we’ve seen more and more of these reports and the trend is going to continue.” Let’s Encrypt has taken great strides toward fulfilling its promise of bringing free encryption and SSL to the web by simplifying and automating the process. Let’s Encrypt isn’t alone; Amazon, Cloudflare and others also offer free SSL certs in one form or another. Let’s Encrypt uses ACME (Automated Certificate Management Environment), an open API, to automate certificate requests and issuance. And it’s working; in October, Mozilla telemetry that was made public showed that for the first time, more than half of all traffic in transit is encrypted. “There are going to be more demands on CAs and more and more machines doing requests,” Bocek said, adding that while ACME is great for efficiency, it is taking people out of the process. He recommends that organizations familiarize themselves with NIST guidance on preparing for and responding to CA compromises. “Everyone,” Bocek said, “needs to have a plan and an automated way to get around this.”

A Vendor's Security Reality: Comply Or Good-Bye

Privacy compliance is now mission critical.

Third-party suppliers that fail to meet data protection mandates will be excluded from doing business in lucrative vertical markets. The Health Insurance Portability and Accountability Act (HIPAA) Omnibus Rule and the Federal Information Security Management Act (FISMA) have introduced an unprecedented emphasis on third-party compliance.

For those providing services within the healthcare sector or to the federal government, privacy compliance is now mission critical.

Although vendor compliance has long been clouded in ambiguity, these directives provide much needed and long-overdue clarity to the vast vendor community. Unfortunately, many vendors have yet to address their compliance obligations and are now scrambling to salvage customer relationships.

Federal regulators, awakened by the expansion of outsourcing and the unending drumbeat of vendor breaches, have turned their focus directly toward service providers and the risks they pose.

The result is that vendors face a new and stark reality: comply or good-bye.

Those that fail to meet specific data protection mandates ultimately will be excluded from doing business in these lucrative vertical markets.

HIPAA Omnibus Rule

The HIPAA Omnibus Rule represents a dramatic change to healthcare regulation and jolted the vendor community.

Although enacted in 2009 as part of the Health Information Technology for Economic and Clinical Health (HITECH) Act, the effective date was postponed until September 2013.

The Omnibus Rule addresses important issues such as disclosure and patient rights, but the most significant change, from a data protection perspective, relates to the responsibilities of "business associates" — any entity that "creates, receives, maintains or transmits protected health information on behalf of a health care provider or insurer." Before September 2013, healthcare vendors were required to meet minimal data protection standards, while hospitals, health clinics, and insurance plans were subject to the full scope of HIPAA's Privacy and Security Rules.

The Omnibus Rule, however, subjects vendors to requirements that had previously applied only to covered entities.

Therefore, vendors must implement a combination of administrative, technical, and physical safeguards to ensure the security of protected health information or be exposed to the consequences of a regulatory violation. Specifically, vendors are required to:

- Conduct a formal risk assessment
- Implement measures to mitigate internal and external risk
- Implement written policies governing the security of protected health information
- Conduct data security training for all employees
- Restrict physical access to storage of protected health information
- Protect workstations and electronic media
- Implement technologies to prohibit unauthorized access
- Log all electronic access of protected health information
- Secure electronically transmitted protected health information

In addition to experiencing disruption of customer relationships, healthcare vendors are now exposed to significant financial penalties from the Department of Health and Human Services for failure to comply with HIPAA.
Should you doubt the government's resolve in enforcing the rigorous business associate requirements, several vendors have been fined in excess of $500,000 since the implementation of the Omnibus Rule.

FISMA

FISMA was enacted in 2002 as a framework for ensuring the security of systems that support government operations.
It requires all federal agencies, entities administering federally funded programs, federal grant recipients, and government contractors to develop, document, and implement a program to secure federal information and corresponding systems.

FISMA mandates that those subject to the law implement "baseline security controls" through a combination of managerial, operational, and technical measures and is aligned with NIST 800-53, the National Institute of Standards and Technology's outline of security controls for federal information systems. Although third-party service providers have been subject to FISMA since its enactment, vendor compliance has been prioritized over the past few years.

This development has prompted government contractors to pursue FISMA compliance or risk exclusion from the federal vendor community.

Enforcement of FISMA's third-party standard is being performed primarily through the procurement process, with all prospective vendors required to attest to adherence with rigorous data security controls when responding to a solicitation.

The specific language within contract awards mandates that vendors submit evidence of FISMA compliance in the form of monthly, quarterly, and annual deliverables. Accordingly, if your company is doing business with a government agency, you will be required to provide detailed and ongoing evidence of compliance.

Additionally, agencies are increasingly deploying audit teams to perform on-site verification of a vendor's control environment. The following list, taken directly from a Federal Highway Administration RFP, details the specific documents that vendors must provide as evidence of FISMA compliance:

- Security assessment: formal evaluation of control environment (annual)
- Plan of action: plan to mitigate assessment findings (quarterly)
- System security plan: documentation of all controls (annual)
- Security categorization: impact level of each system (annual)
- System contingency plan: documentation of redundancy (annual)
- Security policy and workforce training records (annual)
- Interconnection agreements from sub-contractors (annual)

The New Reality

Although meeting the enhanced requirements of HIPAA or FISMA will entail additional resources, third-party service providers should view this as a critical, long-term investment.

The reality is that vendors operating within highly regulated industries must be capable of demonstrating compliance to each customer.

Therefore, those who are unable to meet the new regulatory mandates will find themselves on the outside, looking in.

John Moynihan, CGEIT, CRISC, is President of Minuteman Governance, a Massachusetts cybersecurity consultancy that provides services to public and private sector clients throughout the United States. Prior to founding this firm, he was CISO at the Massachusetts Department of ...

FDA Issues Guidelines For Security Of Medical Devices In Use

Guidance advises manufacturers on how to continue monitoring the devices once they are sold.

The US Food and Drug Administration (FDA) has issued guidelines on post-market cybersecurity monitoring of medical devices as a follow-up to the 2014 pre-market guidance, Information Security Media Group (ISMG) reports. The FDA's guidelines are voluntary, and outline steps for manufacturers to continue ensuring cybersecurity of the devices after marketing and improving critical infrastructure cybersecurity via the National Institute of Standards and Technology standards. The guidance comes in the wake of the recent controversy surrounding allegations by Muddy Waters Capital and MedSec Holdings that pacemaker devices manufactured by St. Jude Medical had cybersecurity flaws. "Central to these recommendations is FDA's belief that medical device manufacturers should implement a structured and comprehensive program to manage cybersecurity risks," says FDA’s Suzanne Schwartz, adding the agency will continue to work on providing further advisories when needed. Kevin Fu of Virta Laboratories said the guidance "responds to many of the medical device security issues highlighted in reports by the National Academies and the NIST Information Security and Privacy Advisory Board over the last six years."

NIST requests ideas for crypto that can survive quantum computers

Christmas miracle: Government preparing properly for problem expected to land in ~20 years

The United States' National Institute of Standards and Technology has issued a “Notice and request for nominations for candidate post-quantum algorithms.” The Institute (NIST) has cottoned on to the fact that “If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use.” The agency therefore observes, in its explanation of the Notice, that once such machines are widely available, “This would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere.” The Notice therefore calls for the development of “... new public-key cryptography standards will specify one or more additional unclassified, publicly disclosed digital signature, public-key encryption, and key-establishment algorithms that are capable of protecting sensitive government information well into the foreseeable future, including after the advent of quantum computers.” NIST reckons it will get something useful within a year, as it's set a deadline of November 30th, 2017, for submissions. But it doesn't think the work will be widely-tested for 20 years, writing that “Historically, it has taken almost two decades to deploy our modern public key cryptography infrastructure.” “Therefore, regardless of whether we can estimate the exact time of the arrival of the quantum computing era, we must begin now to prepare our information security systems to be able to resist quantum computing.” You read the above right: this is an example of a government agency being sensibly far-sighted. As it happens, late last week Microsoft offered up a speech on some of its research on just this subject.
In the video below, Gorjan Alagic from the University of Copenhagen's Quantum Information Theory group explores “how to securely transmit many large quantum states using a single short key, and how to authenticate such transmissions.” To be honest, the concept and math go over your correspondent's head.

But if you've an hour to spare, and that's as likely in this week as any, perhaps you'll be able to tell us more about Alagic's approach.

US commission whistles to FIDO: Help end ID-based hacks by 2021

No breaches should result from compromised identities, say gov bods

A White House commission on improving cybersecurity has come up with a list of recommendations for US president-elect Donald Trump’s administration – including a target for no big hacks to involve identity-based compromises. The US Commission on Enhancing National Cybersecurity has identified 16 key recommendations on security and growing the digital economy. The report (pdf, 100 pages) lays out an ambitious goal that by 2021 there should be no major breaches in which identity – especially the use of passwords – is the primary vector of attack. This goal will require the development and broad adoption of improved identity authentication technologies. The commission name-checked the Fast IDentity Online (FIDO) Alliance as an organisation that can help in achieving this goal: “Other important work that must be undertaken to overcome identity authentication challenges includes the development of open-source standards and specifications like those developed by the Fast IDentity Online (FIDO) Alliance,” it said. In a blog post, the FIDO Alliance outlined how the US government can achieve its goal to move beyond passwords. Brett McDowell, executive director of the FIDO Alliance, said: “Through continued partnership between industry and government – and by following the Commission’s recommendations around identity and authentication – I am confident the new US administration, with the help of global consortia like the FIDO Alliance, can make meaningful progress toward that five-year goal of eliminating identity-related data breaches.” “The commission has recognized that solving the password problem and closing off identity as an easily exploited vector of attack is a clear priority,” he added. The FIDO Alliance has more than 250 members including device manufacturers, banks, payment card networks, several governments and dozens of security and biometrics vendors.
Its main goal is to push simpler, stronger authentication. FIDO’s work includes drafting specifications for simpler, stronger authentication experiences that reduce reliance on passwords and protect people from phishing and the misuse of login credentials exposed as the result of data breaches. Microsoft, Google, PayPal and the Bank of America are all part of the alliance. Last month the UK government unveiled a national cybersecurity strategy that similarly charted a course towards moving beyond passwords for online authentication, as previously reported. “A common theme in both countries has been the need to balance security with usability, privacy and interoperability,” FIDO’s McDowell concluded. George Avetisov, chief exec and co-founder of biometric technology firm HYPR, agreed that authentication needs to be at the top of the list of the new President's actions to improve overall cybersecurity. The rapid adoption of technologies like "selfie pay" has shown that there is an urgent need to shift away from passwords and over to “easy to use” identity solutions, he added. PKWARE CTO Joe Sturonas noted the absence of much description about encryption in the lengthy report. “It’s notable that the word encryption appears only twice across the 100 pages of the commission on enhancing national cybersecurity," Sturonas said. "For a paper that talks specifically about the NIST cybersecurity Framework and IoT (there are 52 mentions of IoT), it seems as though encryption should have come up a little more. "For an Administration that presided over the OPM breach, it might stand to reason that encryption of sensitive data might have taken a more prominent role in the recommendations for the next Administration.

Considering how a lack of encryption of data itself has been a major point of vulnerability in every recent breach that has occurred, it is concerning that the commission on enhancing national cybersecurity has not emphasized encryption in their recommendations,” he added. Open-source standards and specifications developed by the Fast Identity Online (FIDO) Alliance will allow for the best and most secure available online experience, according to HYPR.

Standards body warned SMS 2FA is insecure and nobody listened

Duo Security says NIST's advice to deprecate out-of-band passwords has been ignored

The US National Institute of Standards and Technology's (NIST) advice that SMS is a poor way to deliver two factor authentication is having little impact, according to Duo Security. Last July NIST declared that sending one-time passwords to mobile phones was insecure. The organisation wrote in its advisory that the likelihood of interception makes TXT unreliable. "Due to the risk that SMS messages or voice calls may be intercepted or redirected, implementers of new systems should carefully consider alternative authenticators," NIST wrote at the time. "Out-of-band authentication using [SMS or voice] is deprecated, and is being considered for removal in future editions of this guideline." NIST stated organisations using SMS for two factor authentication must verify that the supplied number is not associated with a voice-over-IP service. But scores of organisations use SMS for verification.

Google offers it as a fall-back service in place of secure mechanisms like its Authenticator app and hardware dongles, as do Twitter, Facebook, and scores more. Duo Security's Mayank Saha says the statement has had virtually no impact some six months after its announcement, according to statistics about the use of SMS among its clients. The firm's customers include NASA, Facebook, Toyota, and Etsy, plus organisations in the government, health, and education sectors. "Prior to the declaration, we were seeing roughly six to eight percent of two factor traffic in use with our service via the SMS method … after the announcement was made we’ve seen a similar percentage," Saha says. "There is a notable lack of significant change to the rate of decline after the release of the revised NIST guidelines." Saha says SMS has this year slowly fallen out of favour with clients but that the NIST advice did nothing to accelerate that rate. He says push-based authentication, which NIST recommends and Google deployed in June, is more user friendly and secure than SMS, as are U2F dongles which require users to insert USB sticks into logging in devices.

Google also uses the latter login mechanism and plugged it in a recent study Security Keys: Practical Cryptographic Second Factors for the Modern Web [PDF]. SMS authentication is the most universal and arguably useable method of two factor login, primarily because it requires only a phone bearing the right SIM card. It is easy to subvert, however; attackers with basic target information can easily trick phone companies into porting numbers after passing identity checks.

This has been used by fraudsters to ensure banks' transfer warning SMS never reach victims. The NIST guidance comes some four years after Australia's private sector Communications Alliance lobby group ruled SMS as unsafe for two factor authentication.

Time's almost out for websites to abandon SHA-1

Despite months of reminders and warnings, more than one-third of websites will become inaccessible come 2017.

There is barely a month left before major browsers start blocking websites using certificates signed with the SHA-1 hash, but 60 million-plus ...

Moment of truth: Web browsers and the SHA-1 switch

The long-awaited SHA-1 deprecation deadline of Jan. 1, 2017, is almost here.

At that point, we’ll all be expected to use SHA-2 instead.
So the question is: What is your browser going to do when it encounters a SHA-1 signed digital certificate? We’ll delve into the answers in a minute.

But first, let’s review what the move from SHA-1 to SHA-2 is all about.

Getting from SHA-1 to SHA-2

SHA-1 is a cryptographic hash officially recommended by NIST.
It’s used to verify digital content, as well as digital certificates and certificate revocation lists (CRLs). Whenever a PKI certification authority (CA) issues a certificate or CRL, it signs it with a hash to assist “consuming” applications and devices with trust verification. In January 2011, SHA-2 became the new, recommended, stronger hashing standard.
SHA-2 is often called “the SHA-2 family of hashes” because it contains hashes of many different lengths, including 224-bit, 256-bit, 384-bit, and 512-bit digests.

The most popular one is 256 bits by a large margin. Who declared Jan. 1, 2017 the drop-dead date for SHA-1? Three of the top browser vendors and dozens of other software vendors.

They belong to a vendor consortium called the CA Browser Forum, which publishes requirements for public CAs in its frequently updated Baseline Requirements document. The CA Browser forum’s SHA-1 deprecation requirements apply to all but two types of certificates (covered below), although some browser vendors care only about web server certificates. Per the CA Browser forum, no public CA is allowed to issue SHA-1-signed certificates after Jan. 1, 2016, for certificates that expire after Dec. 31, 2016, although in some browsers, any SHA-1 certificate expiring after Dec. 31, 2017, is flagged, regardless of when it was issued. The CA Browser Forum specifically excludes root CA server certificates and cross CA certificates from the SHA-1 deprecation requirements.

This means you do not have to worry about your root CA’s certificate, although you probably need to worry about how it signs subordinate CA certificates and CRLs.

Your browser’s reaction

Some major browser vendors have been issuing warnings and error messages for two years. Today, some browsers put an X through the HTTPS indicator (Google Chrome), don’t display the lock icon (Microsoft Edge and Internet Explorer), or simply remove the HTTPS portion of the URL (Apple Safari). Some browsers, such as Firefox, don’t show any indication when consuming an SHA-1 certificate; others may or may not depending on whether you're using a PC or mobile version of the browser. In some cases, the protection given by the SHA-1 TLS certificate is still active even though the browser appears to indicate that it is not (for example, Chrome, Edge, or Internet Explorer).

SHA-1 deprecation in the major browsers

Certificate types and deprecation evaluation

What certificate types will be evaluated for SHA-1 deprecation? It depends on the browser. The CA Browser forum says all certificates will be evaluated except for root CA server and cross-CA certificates.

But I have seen browsers that popped up an error message on SHA-1 root CA certificates when they were acting as an “intermediate” root CA in a three- or four-tier PKI hierarchy and on cross-CA certificates. Microsoft will only evaluate certificates that originate from a PKI chain registered in the Microsoft Trusted Root program.

Certificates originating from a PKI chain registered in the Microsoft Trusted Root program will be evaluated only if they contain the Server Authentication OID.

This is an important point because some TLS certificates may contain the Client Authentication or Workstation Authentication OIDs only. (See Microsoft’s SHA-1 deprecation policy.) Other browser vendors say they will inspect “all” certificates for SHA-1 deprecation, but in practice this always excludes the root CA server certificates and may technically mean only web server or Server Authentication OID certificates.
I’ve had a hard time nailing down browser vendors on exactly which certificates they will include in deprecation-checking. Mozilla did confirm it also checks for the deprecated Netscape Step-Up OID.

Mozilla Firefox, Google Chrome, and Opera browsers will check both public and private certificates by default, although you can manually register private PKI chains (sometimes called enterprise chains) to be excluded from SHA-1 deprecation checking. You can find Mozilla’s latest SHA-1 deprecation statement here; Google’s can be found here.

As of Jan. 1, 2017, “full” SHA-1 deprecation enforcement is supposed to happen, although Microsoft will actually begin full enforcement on Feb. 14, 2017 (the second Patch Tuesday of the year). Mozilla says it will begin full enforcement in January 2017, with no specific date, whereas Google (and Opera) will begin full enforcement by the end of January 2017. All browsers will eventually evaluate all certificates, public or private, with no exceptions allowed, although this will probably be many years out.

Expect any new improvement in SHA-1 cracking to speed up timelines and incur policy updates.

Microsoft plans St Valentine’s Day massacre for SHA‑1

End of the line for weak hash as web giants finally act

The death knell for the SHA‑1 cryptographic hash function will be sounded, now that all of the main browser builders have decided to cut off support – only 12 years after its flaws were first discovered. On Friday, Mozilla and Microsoft both announced that support for SHA‑1 would be dropped – Moz with build 51 of Firefox in January and Microsoft on February 14 for its Edge and Internet Explorer 11 browsers.

Google has already said that Chrome will block SHA‑1 from build 56, due out by the end of January. "The SHA-1 hash algorithm is no longer secure. Weaknesses in SHA‑1 could allow an attacker to spoof content, execute phishing attacks, or perform man-in-the-middle attacks when browsing the web," Redmond said. "Though we strongly discourage it, users will have the option to ignore the error and continue to the website." SHA-1 will still hang around, like a fart in a spacesuit, for many years to come because some people are lazy enough not to make the change.

The delays have been driving some of the tech community up the wall, given that SHA‑1 was proven to be deeply flawed back in 2005 and has been getting progressively more insecure since then. The hash algorithm was published in 1993 as SHA‑0 by the US National Institute of Standards and Technology (NIST). Researchers at the National Security Agency did some tweaking to its compression function and turned out SHA‑1 two years later.
It was made mandatory for all US government crypto-code and became a default standard. It was a decade before researchers realized there were potential problems.
In 2005, Xiaoyun Wang and Hongbo Yu from Shandong University and Yiqun Lisa Yin from Princeton University published a paper showing it was possible to find collisions (two messages that hash to the same hash value) in 2^69 operations, and possibly as low as 2^33 – not the 2^80 operations first envisaged. This was worrying, but not necessarily fatal – it would still take an enormous amount of computing power to defeat, although nowhere near as much as first thought.

But as time went on, computing power increased and the advent of virtualization made more processing available to anyone with a credit card.
It became clear that decryption times would drop. The number of operations needed to cause a collision continued to decrease and remained largely theoretical. Nevertheless, NIST recommended that government users upgrade to SHA‑2 (the hash published ten years earlier) as early as 2012, but there were plenty of hold-outs, even in the US military. In 2015, a paper (dubbed The ShAppening) published by Marc Stevens of the Dutch research institute Centrum Wiskunde, with Pierre Karpman and Thomas Peyrin from Singapore's Nanyang Technological University, showed you could break SHA‑1 with just $75,000 of compute power. This finally got the industry to remove its collective digit and start setting some decent security standards.
It has taken them long enough, and now it's time to find the laggards and get them fixed.