back to article 2016: Robo-butlers, flying cars, and Google's internet Terminators hunting SHA-1 SSL certs

Google Chrome will flag up websites with SHA-1 SSL certificates as insecure – and that's a huge policy change which ought to kick businesses into action, says an expert in digital certificates. Only 15 per cent of sites use SHA-256 certificates, the replacement for SHA-1, according to stats from SSL Pulse. This means plenty of …

  1. ecofeco Silver badge

    More likely: World War III and discount smartwatches

    Yeah, pretty much.

    Don't forge the riots. Many people in this world are VERY pissed off about how they are being screwed by the PTB and the backlash is coming.

    As for this: "Google will penalize the search rankings of websites that use SHA-1 SSL certificates – and that's a huge policy change which ought to kick businesses into action, says an expert in digital certificates."

    Hah! You must be joking if current events are any indicator and, well, they are. I'm looking at you Target/Home Depot/Community Health Systems

    1. phil dude
      Coat

      Re: More likely: World War III and discount smartwatches

      perhaps if they rank websites by IT competence...

      P.

      1. h4rm0ny

        Re: More likely: World War III and discount smartwatches

        >>"perhaps if they rank websites by IT competence..."

        So basically, you'd see nothing at all on the first eight pages of search results, and then everybody.

  2. Smooth Newt Silver badge
    Thumb Up

    About time too

    There are just so many organisations out there with bullshit in their T&Cs about how keeping customer data secure is a top priority, and they are using SHA 1 certificates and no forward secrecy.

  3. Daniel B.
    Boffin

    SHA1?

    I'm more concerned by sites that still allow handshaking with the "EXPORT" cipher suite. The one that most countries outside of the US were stuck with because of the braindead export restrictions on crypto that were in place before 2000. Also, 3DES because it still uses DES which has been cracked for a long time. It's only a matter of time for it to be thoroughly cracked.

    1. Michael Wojcik Silver badge

      Re: SHA1?

      3DES because it still uses DES which has been cracked for a long time

      In what sense has "DES ... been cracked for a long time"?

      DC and LC against DES are better than brute force in simple complexity but infeasible due to the large number of chosen or known plaintexts required - around 239 for the best attack. The best variant of the Davies-Murphy attack seems to require 245 known plaintexts, so linear cryptography still has the best result, and it's still infeasible.

      Any modern competent DES implementation avoids weak and semiweak keys, so forget about those too.

      DES is vulnerable to brute-forcing because it has a short key. That's not "cracked"; it's simply reached the end of its design life.

      3DES EDE with key mode 2 is weaker than it should be, with an effective key length of around 80 bits. That could be considered "cracked", but it's poor terminology at best. 3DES EDE with key mode 1 has an effective 112-bit key (due to meet-in-the-middle) and again the best known attacks are not feasible, with large computation and memory requirements (plus 232 known plaintexts, which is tough even if you have an oracle).

      It's only a matter of time for it to be thoroughly cracked.

      While it's true that "attacks only get better", as the saying goes, there's no proof that any better attacks against DES or 3DES will be discovered. DES isn't a group, so the obvious route for a complete break is closed.

      What's more likely is that computing power available to well-funded attackers will make 112-bit keys (for symmetric ciphers) unsuitable for medium-term protection of highly valuable data - just as NIST and every other entity in the field has been saying pretty much since the invention of computer cryptography. But again that's not a "crack". It's just a cipher reaching the end of its design lifespan.

      And if you're worried about cipher-suite choice for SSL and TLS, far better to worry about the vast number of servers forcing RC4 for performance reasons, since it's possible there are feasible attacks against RC4 as used by HTTPS. The combination of predictable plaintexts (due to HTTP headers) and the ability to get a victim to encode a lot of them (due to Javascript-based attacks and the like) make the plaintext requirements of the RH attack on RC4 much more plausible.

      And then you can worry about sites that only support SSLv3, or TLSv1 and so are vulnerable to BEAST, and so on.

  4. h4rm0ny

    Like nuclear power...

    ...monopolies can be used for both bad and good

    1. James 100

      Re: Like nuclear power...

      In a mirror universe where Bill Gates has a beard and figured out how to write working search engines, Bing has 90% of the search engine market - and to get in the first five pages for any search term, you must be hosted on IIS.

      I like the idea of HTTPS rather than HTTP, and better crypto whenever possible, but is the strength of encryption or hash size really valid as an indicator of page quality? When I'm searching for, say, a user manual for that old VoIP adapter I just bought on eBay, is the fact one site uses a fancy new SSL certificate actually relevant to my search?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021