Firefox might shoot shoddy SHA-1 in July
Cracking research shakes up browser baron.
Every time someone asks "how bad is the SHA-1 hash?" the answer is "easier to crack than you thought", so Mozilla's considering killing it off six months ahead of schedule, on 1 July 2016.
The outdated and vulnerable hashing algorithm was this month found to be rather breakable for attackers willing to splurge just US$75,000 on cloud computing resources.
That feat undercut older estimates by US$100,000 and means cracking crypto is well and truly within the reach of even modestly-resourced cracking groups.
Mozilla had previously flagged the algorithm for retirement in 2017, but Firefox security boss Richard Barnes now says the company is considering writing off SHA-1 web server and intermediate certificates from 1 July, six months earlier than the 1 January 2017 cut-off agreed to by web browser barons.
"We are re-evaluating when we should start rejecting all SHA-1 SSL certificates regardless of when they were issued," Barnes says.
"As we said before, the current plan is to make this change on January 1, 2017. However, in light of recent attacks on SHA-1, we are also considering the feasibility of having a cut-off date as early as July 1, 2016."
Firefox has already added SHA-1 site warnings to its Web Console and will throw an untrusted connection warning message in the main browser after 1 January 2016.
It is the latest SHA-1 swing back following the cloud cracking research. Earlier, a motion by a gang of tech companies that sought to prolong the life of the hashing algorithm in the name of customer convenience was pulled.
The Firefox thought dump comes as British security bod Paul Mutton said a million sites, including big ticket companies like Deloitte, are using SHA-1 certificates, including hundreds of thousands scheduled to live beyond 2017.
"SHA-2 eventually overtook SHA-1 in May 2015, but there are still nearly a million certificates currently using SHA-1," Mutton says.
The National Institute of Standards and Technology blesses only SHA-2 and SHA-3 algorithms, with SHA-256 to SHA-512 permitted by the Browser Forum's baseline requirements for publicly-trusted certificates. ®
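For site operators who want to know whether a certificate falls into the group Mutton describes, the following added example (not from Mozilla or the article) reads the signature algorithm and expiry date out of a DER-encoded certificate and reports which of the two cut-off dates it would outlive. The function names and the skeleton certificates built by `sample` are constructed for illustration.

```python
from datetime import datetime

# DER-encoded OIDs of SHA-1 based signature algorithms
SHA1_SIG_OIDS = {
    bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",
    bytes.fromhex("2a8648ce3d0401"): "ecdsa-with-SHA1",
    bytes.fromhex("2a8648ce380403"): "dsa-with-sha1",
}
# Cut-off dates from the article: the one under consideration and the agreed one
CUTOFFS = {"early": datetime(2016, 7, 1), "agreed": datetime(2017, 1, 1)}

def tlv(tag, body):
    """Encode one DER element (short-form length; samples stay under 128 bytes)."""
    return bytes([tag, len(body)]) + body

def children(body):
    """Split the content of a DER SEQUENCE into (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(body):
        tag, n, pos = body[pos], body[pos + 1], pos + 2
        if n & 0x80:  # long-form length: low bits give the number of length bytes
            k = n & 0x7F
            n, pos = int.from_bytes(body[pos:pos + k], "big"), pos + k
        out.append((tag, body[pos:pos + n]))
        pos += n
    return out

def audit(der):
    """Return (uses_sha1, not_after, cut-offs the certificate would outlive)."""
    tbs, sig_alg, _sig = children(children(der)[0][1])
    sig_oid = children(sig_alg[1])[0][1]
    fields = children(tbs[1])
    if fields[0][0] == 0xA0:  # skip the optional [0] version field
        fields = fields[1:]
    tag, raw = children(fields[3][1])[1]  # validity -> notAfter
    if tag == 0x17:  # UTCTime has a two-digit year; RFC 5280 pivots at 50
        raw = (b"19" if raw[:2] >= b"50" else b"20") + raw
    not_after = datetime.strptime(raw.decode("ascii"), "%Y%m%d%H%M%SZ")
    sha1 = sig_oid in SHA1_SIG_OIDS
    hit = [name for name, day in CUTOFFS.items() if sha1 and not_after >= day]
    return sha1, not_after, hit

def sample(sig_oid_hex, not_after):
    """Constructed skeleton certificate: structure only, signature is dummy bytes."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(sig_oid_hex)) + tlv(0x05, b""))
    validity = tlv(0x30, tlv(0x17, b"150101000000Z") + tlv(0x17, not_after))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg + tlv(0x30, b"") + validity)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" * 9))
```

For a live server, `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 443)))` from the Python standard library yields DER input for `audit`; it returns only the server certificate, so intermediates need to be checked separately.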