Encrypt As We Say, Not As We Do: The NSA and SHA-1 Certs

As Bruce Schneier and others have reported, your friends at the National Security Agency’s Information Assurance Directorate (IAD) recently issued a FAQ on their new Commercial National Security Algorithm Suite, intended to future-proof national security systems against the looming threat of quantum computing. Among its recommendations is the use of SHA-384 to sign certificates, a step up from SHA-256, the SHA-2 variant that is the current industry standard for certificate signatures.

One small issue with the IAD’s link to their FAQ: click it, and the browser throws this warning:

A quick check at SSLShopper shows that the certificate for iad.gov is signed with SHA-1, an obsolete hash that browsers are retiring because its collision resistance is no longer trusted, and apparently has a broken chain of trust to boot, meaning the server does not present a chain that links its certificate to a root the browser already trusts. Either problem on its own is enough to get the site red-flagged by modern browsers.
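Both failures can be reproduced offline with Go’s standard library, whose chain builder rejects SHA-1 signatures the same way browsers do. The example below is added here and is not code from the original post, from SSLShopper or from the IAD: it mints a throw-away root CA and a leaf certificate for iad.gov on the local machine (a constructed stand-in, not the site’s real certificate) and audits the leaf three ways, signed with SHA-256 under a trusted root, signed with SHA-1 under that same root, and signed under a root the client does not hold. The `Audit`, `AuditLeaf` and `BuildDemoChain` names are this example’s own.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Audit records the two things a browser objects to in the iad.gov case:
// a SHA-1 signature on the leaf and no path to a trusted root.
type Audit struct {
	Algorithm  x509.SignatureAlgorithm
	UsesSHA1   bool
	ChainError error // nil when a chain to a trusted root was built
}

// sha1Signed is the set of X.509 signature algorithms that hash with SHA-1.
var sha1Signed = map[x509.SignatureAlgorithm]bool{
	x509.SHA1WithRSA: true, x509.DSAWithSHA1: true, x509.ECDSAWithSHA1: true,
}

// AuditLeaf reports the leaf's signature algorithm and asks the standard
// library to build a chain to roots, as a client that got only the leaf would.
func AuditLeaf(leaf *x509.Certificate, roots *x509.CertPool, host string) Audit {
	a := Audit{Algorithm: leaf.SignatureAlgorithm, UsesSHA1: sha1Signed[leaf.SignatureAlgorithm]}
	_, a.ChainError = leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return a
}

// sign issues tmpl under parent with the parent's key, using the requested algorithm.
func sign(tmpl, parent *x509.Certificate, pub *rsa.PublicKey, key *rsa.PrivateKey,
	alg x509.SignatureAlgorithm) (*x509.Certificate, error) {
	tmpl.SignatureAlgorithm = alg
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildDemoChain mints a throw-away root CA (always SHA-256 signed) and a leaf
// for host signed with leafAlg. With trustRoot false the returned pool is empty,
// which is what a client sees when the served chain reaches no root it knows.
func BuildDemoChain(host string, leafAlg x509.SignatureAlgorithm, trustRoot bool) (*x509.Certificate, *x509.CertPool, error) {
	caKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	leafKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Demo Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	root, err := sign(caTmpl, caTmpl, &caKey.PublicKey, caKey, x509.SHA256WithRSA)
	if err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host},
		DNSNames:  []string{host},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leaf, err := sign(leafTmpl, root, &leafKey.PublicKey, caKey, leafAlg)
	if err != nil {
		return nil, nil, err
	}
	roots := x509.NewCertPool()
	if trustRoot {
		roots.AddCert(root)
	}
	return leaf, roots, nil
}

func main() {
	for _, s := range []struct {
		name  string
		alg   x509.SignatureAlgorithm
		trust bool
	}{
		{"SHA-256 leaf, root trusted", x509.SHA256WithRSA, true},
		{"SHA-1 leaf, root trusted", x509.SHA1WithRSA, true},
		{"SHA-256 leaf, root not trusted", x509.SHA256WithRSA, false},
	} {
		// "iad.gov" here names a locally minted stand-in, not the site's real certificate.
		leaf, roots, err := BuildDemoChain("iad.gov", s.alg, s.trust)
		if err != nil {
			panic(err)
		}
		a := AuditLeaf(leaf, roots, "iad.gov")
		var unknown x509.UnknownAuthorityError
		fmt.Printf("%-31s sig=%-11v sha1=%-5v chain_ok=%-5v unknown_authority=%v\n",
			s.name, a.Algorithm, a.UsesSHA1, a.ChainError == nil, errors.As(a.ChainError, &unknown))
	}
}
```

Only the first scenario builds a chain. The SHA-1 leaf fails even though its issuer is trusted, because the verifier refuses to check a SHA-1 signature at all, and the third fails with an unknown-authority error, which is the symptom of a server that omits the intermediate or chains to a root the client never had. To run the same audit against a live host, feed `AuditLeaf` the first element of `ConnectionState().PeerCertificates` from a `tls.Dial` and the system root pool instead of the demo pool.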

Further proof, we guess, that security is tough to get perfect – even when you’re a branch of the NSA.

The (insecure-as-of-this-writing) link to the IAD FAQ is here – use at your own risk.