Facebook, CloudFlare and SHA-1 Fallback

SHA-1 certificates are increasingly insecure, so moves by CloudFlare and Facebook to maintain SHA-1 support may seem counter-intuitive. However, both companies make a case that the secure access of millions of users is at stake.

A LESS AND LESS SECURE ALGORITHM

The Secure Hash Algorithm 1 (SHA-1) has been in use for certificate signing since 1995, and is long overdue for retirement. Cracking SHA-1 lets black hats sign fake signatures to their own certificates, and HTTPS connections using these fraudulent certificates look completely legitimate to unwary visitors. SHA-1 has been known to be vulnerable to compromise by well-resourced (read: state-sponsored) attackers for some time, but the computing power this costs was out of reach for most attackers – until recently. A test in October 2015 indicated that SHA-1 can now be cracked for around the price of a Porsche Panamera – well within the budget of many criminal organizations.

SHA-2 – SPRING FORWARD

As we’ve previously reported, upgrading to SHA-2 certificates and retiring SHA-1 has been strongly encouraged by industry stalwarts like Mozilla, Google and Microsoft. No certificate authority following industry best practices will be issuing SHA-1 certificates after December 31, 2015, and all major browsers will reject SHA-1 connections by January 1, 2017 (if not sooner).

Moving to SHA-2 certificates will provide a stronger, safer internet in the longer term, but in an ecosystem with over three billion users SHA-1 retirement is bound to cause some headaches. A significant number of users using older or legacy client software (especially users in the developing world) will be faced with a stark choice: HTTPS connections which use SHA-1 – or no security at all.

SHA-1 – FALL BACK

This is why Facebook and CloudFlare are implementing their SHA-1 fallback systems, designed to automatically serve HTTPS-enabled, SHA-1 signed versions of their sites to visitors detected using older technology. By CloudFlare’s math, SHA-2 secures connections to 98.31 percent of the world’s browsers – but the remaining 1.69% still represents some 37 million people, concentrated in poorer and more repressive parts of the world, and accessing the internet through less advanced technology.

The stated aim of both companies is to observe industry best practices without abandoning that segment of the internet limited to SHA-1 connections. To this end, CloudFlare has also proposed creation of an entirely new category of validation for digital certificates by adding a SHA-1 specific Legacy Validation (LV) category to the existing canon of Domain, Organization and Extended Validation types.

SSL.com will definitely keep you apprised of the progress of this proposal.