It’s time to replace SHA-1 certificates

It has been 20 years since SHA-1, one of the most widely deployed cryptographic hash functions in the world, was published.

SHA-1 is not an encryption method but a cryptographic hash function. It was designed by the National Security Agency of the United States and published by NIST as a Federal Information Processing Standard (FIPS) for use by that country's government. SHA-1 produces a 160-bit (20-byte) digest, conventionally written as a 40-digit hexadecimal number.

In 2005, two papers were published demonstrating serious weaknesses in this function. Hash functions have a natural enemy called "collisions": two different inputs that produce the same digest, so that a SHA-1 value no longer identifies a unique piece of data. Collisions exist for every hash function, because the input space is larger than the output space; what matters is how much work it takes to find one. A brute-force search is the baseline, and the 2005 results showed that SHA-1 collisions can be found with far less work than that.

By design, a generic (birthday) attack needs about 2^80 (1208925819614629174706176) SHA-1 evaluations to find a collision. At the beginning of 2005, however, a group of Chinese researchers (Xiaoyun Wang, Yiqun Lisa Yin and Hongbo Yu) reduced that to about 2^69 operations, roughly 2000 times less work than expected. Later, researchers at Macquarie University in Australia claimed an attack of about 2^52 operations, a further factor of 2^17 below the Chinese result.
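To see what the 2^80 figure means in practice, here is an added example (not from the original article) that runs a generic birthday search against SHA-1 truncated to its first n bits: store every digest seen and stop at the first repeat. That finds a collision after roughly 2^(n/2) hashes rather than the 2^n a naive search of the output space would suggest. With n = 32 it takes about 80,000 SHA-1 calls instead of four billion; with the full 160-bit digest the same method would need about 2^80, which is exactly the generic bound that the 2005 and 2009 results beat by cryptanalysis (not implemented here). The messages `msg-N` are constructed inputs; any distinct byte strings would do.

```python
import hashlib
import math


def truncated_sha1(data: bytes, bits: int) -> int:
    """SHA-1 of `data`, keeping only the first `bits` bits of the 160-bit digest."""
    digest = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return digest >> (160 - bits)


def find_collision(bits: int, max_tries=None):
    """Find two distinct messages whose SHA-1 digests agree on the first `bits` bits.

    Generic birthday search: remember every truncated digest and stop at the first
    repeat. Expected work is about sqrt(pi/2 * 2**bits) hashes, i.e. on the order of
    2**(bits/2), not 2**bits. For the full 160-bit digest that is the 2**80 quoted in
    the article; for 32 bits it is roughly 80,000 hashes.
    Returns (message_a, message_b, tries) or None if max_tries is exhausted.
    """
    if max_tries is None:
        max_tries = 2 ** bits + 1      # pigeonhole: a collision is certain by then
    seen = {}
    for i in range(max_tries):
        msg = b"msg-%d" % i            # constructed input
        h = truncated_sha1(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    return None


def expected_tries(bits: int) -> float:
    """Birthday-bound estimate of the number of hashes until the first collision."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


if __name__ == "__main__":
    bits = 32
    a, b, tries = find_collision(bits)
    print(f"collision on the first {bits} bits after {tries} hashes "
          f"(birthday estimate {expected_tries(bits):.0f}, output space 2**{bits})")
    print(a, hashlib.sha1(a).hexdigest())
    print(b, hashlib.sha1(b).hexdigest())
```

The two messages collide only on the truncated prefix; their full SHA-1 digests still differ, which is why the demonstration is feasible on a laptop while a full SHA-1 collision is not. Raising `bits` by two doubles the expected work, so the curve to 2^80 is easy to extrapolate.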

As a result, the CA/Browser Forum recommended in 2011 that certification authorities move away from SHA-1 as soon as possible. The Government of the United States, for its part, stopped using SHA-1 for digital signatures after 2010.

About SHA-2

SHA-2 is the family of hash functions that succeeded SHA-1: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256. Designed by the National Security Agency, it was published by NIST in 2001 and approved as a Federal Information Processing Standard (FIPS PUB 180-2). It differs from SHA-1 in its internal structure, not only in digest length: SHA-224 and SHA-256 work on 32-bit words like SHA-1 does, but with a different round function, a different message schedule and eight working variables instead of five.

SHA-384, SHA-512, SHA-512/224 and SHA-512/256 are the members of the family that work on 64-bit words. SHA-224 is SHA-256 computed with different initial hash values and truncated to 224 bits; in the same way, SHA-384, SHA-512/224 and SHA-512/256 are SHA-512 computed with different initial values and truncated to the stated length, as specified in FIPS PUB 180-4.

The impact on users

Google recently announced that the next version of Google Chrome (Chrome 39, expected in the next few weeks) will treat sites whose certificate chain includes a SHA-1 signature and whose certificate expires on or after January 1, 2017 as "secure, but with minor errors".

In Chrome 40 (announced for mid-November this year), sites using SHA-1 signatures in certificates that expire between June 1, 2016 and December 31, 2016 (both inclusive) will be shown as "secure, but with minor errors", while those expiring on or after January 1, 2017 will be shown as neutral, lacking security.

Chrome 41, whose release date is not yet known, keeps the same treatment for SHA-1 certificates that expire between June 1, 2016 and December 31, 2016 (secure, but with minor errors). Certificates signed with SHA-1 that expire on or after January 1, 2017, however, will be marked directly as insecure.

We can verify that Chrome 42 (available in beta since April 2015) begins to mark sites with SHA-1 certificates that expire after December 2015 as not secure. Every intermediate certificate in the chain needs to be updated as well, not just the site certificate.


The Chromium team explains on its blog that these changes apply only to SHA-1 signatures on site certificates and on intermediate certification authorities. Root certification authorities whose certificates are signed with SHA-1 do not affect a site's rating, because TLS clients trust roots by their identity (they ship in the client's trust store), not by the signature on them. This decision, together with Google's move to rank HTTPS sites higher in search results, marks a before and after in the history of Internet security.
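The schedule above is easy to apply by hand to one certificate but tedious across a chain, so here is an added example (my own code, not Google's and not from the original article) that reads the two fields the policy depends on, the signatureAlgorithm OID and the notAfter date, directly out of a DER-encoded X.509 certificate with a small ASN.1 walker and returns the Chrome 41 verdict. Following the Chromium blog, only the leaf and intermediate certificates should be fed to it; the root is trusted by identity. Because the example has to run offline, the sample certificates are constructed DER skeletons (real field layout, empty names and key, dummy signature) built by the `sample_certificate` helper at the bottom; a real certificate can be fed in after converting it with `openssl x509 -in cert.pem -outform DER`. The function names and the verdict strings are my own; the dates are the ones from the article.

```python
import datetime

# Signature-algorithm OIDs built on SHA-1 (RFC 3279 / RFC 5758); anything else is unaffected.
SHA1_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10040.4.3": "dsa-with-sha1",
}


def read_tlv(buf, pos=0):
    """Decode one DER tag-length-value starting at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def children(value):
    """Split the contents of a constructed DER node into a list of (tag, value) children."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out


def decode_oid(value):
    """Decode OBJECT IDENTIFIER contents to dotted form (first byte = 40*a+b, then base-128 arcs)."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def decode_time(tag, value):
    """Decode UTCTime (YYMMDDHHMMSSZ, tag 0x17) or GeneralizedTime (YYYYMMDDHHMMSSZ, tag 0x18)."""
    s = value.decode("ascii")
    if tag == 0x17:                          # RFC 5280: two-digit years 50..99 mean 19xx
        yy = int(s[:2])
        s = str(1900 + yy if yy >= 50 else 2000 + yy) + s[2:]
    return datetime.datetime.strptime(s[:14], "%Y%m%d%H%M%S")


def inspect_certificate(der_bytes):
    """Return (signatureAlgorithm OID, notAfter) from a DER-encoded X.509 certificate."""
    tag, cert, _ = read_tlv(der_bytes)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tbs, sig_alg, _signature = children(cert)    # TBSCertificate, AlgorithmIdentifier, BIT STRING
    oid = decode_oid(children(sig_alg[1])[0][1])
    fields = children(tbs[1])
    if fields[0][0] == 0xA0:                     # optional [0] EXPLICIT version comes first
        fields = fields[1:]
    # then: serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo, ...
    not_after = decode_time(*children(fields[3][1])[1])
    return oid, not_after


def chrome41_verdict(sig_oid, not_after):
    """The Chrome 41 schedule from the article, for a leaf or intermediate certificate."""
    if sig_oid not in SHA1_SIGNATURE_OIDS:
        return "unaffected (not SHA-1)"
    if not_after >= datetime.datetime(2017, 1, 1):
        return "affirmatively insecure"
    if not_after >= datetime.datetime(2016, 6, 1):
        return "secure, but with minor errors"
    return "no warning (expires before June 2016)"


# --- constructed sample input: DER skeletons with the real field order but dummy contents ---

def der(tag, payload):
    """Minimal DER encoder (definite lengths up to 65535), used only to build the samples."""
    n = len(payload)
    length = bytes([n]) if n < 0x80 else bytes([0x81, n]) if n < 0x100 else bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + payload


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        body.extend(reversed(chunk))
    return der(0x06, bytes(body))


def sample_certificate(sig_oid, not_after_utctime):
    """Constructed, NOT a valid certificate (empty Names, empty key, zero signature); it only
    carries the fields inspect_certificate() reads. not_after_utctime is e.g. '170301000000Z'."""
    alg = der(0x30, encode_oid(sig_oid) + der(0x05, b""))
    validity = der(0x30, der(0x17, b"150101000000Z") + der(0x17, not_after_utctime.encode()))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + alg + der(0x30, b"")
              + validity + der(0x30, b"") + der(0x30, b""))
    return der(0x30, tbs + alg + der(0x03, b"\x00"))


if __name__ == "__main__":
    for oid, exp in [("1.2.840.113549.1.1.5", "170301000000Z"),
                     ("1.2.840.113549.1.1.5", "160901000000Z"),
                     ("1.2.840.113549.1.1.11", "170301000000Z")]:
        found_oid, found_exp = inspect_certificate(sample_certificate(oid, exp))
        print(found_oid, found_exp.date(), "->", chrome41_verdict(found_oid, found_exp))
```

The parser only walks the outer structure, so it does not care what is inside Names or the public key, which is what makes it usable on real certificates as well as on the skeletons. Note that `chrome41_verdict` looks at the signature *on* the certificate, which is what the browser checks; the `signature` field inside the TBSCertificate must match it, and a mismatch between the two is itself a reason to reject the certificate.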

Microsoft, on the other hand, announced in a security advisory that it will no longer allow root certification authorities in its root program to issue X.509 certificates signed with the SHA-1 hashing algorithm for SSL and code signing after January 1, 2016. Using SHA-1 in digital certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. Microsoft recommends that certification authorities stop signing newly issued certificates with SHA-1 and begin migrating to SHA-2, and that customers replace their SHA-1 certificates with SHA-2 certificates at the earliest opportunity.

The following certification authorities are already issuing new certificates signed with SHA-256. Customers who hold SHA-1 certificates can revoke and reissue them with SHA-256 at no additional cost:

RapidSSL (part of GeoTrust family)

You can use the SSL Server Test provided by Qualys SSL Labs to find out whether your certificate, or any intermediate certification authority in your chain, is affected.

I want to recommend that WordPress users read my recent note on how to protect a WordPress site with SSL (in Spanish).
