By now, you may have already heard that Microsoft will start deprecating trust in certificates with SHA-1 signatures in 2016. In our view, this is a prudent move by Microsoft. We’ve long known that SHA-1 was weakening, with signs that a practical attack similar to the 2008 demonstration against MD5 could appear in the next few years.
At the 2008 Chaos Communications Conference, demonstrators were able to produce two digital certificates, representing different identities, that had the same MD5 hash and therefore both appeared to be legitimately issued certificates from the same CA.
As you might expect, this is the sort of attack that can have catastrophic consequences for PKI and for any systems that rely on digital certificates. However, by 2008, most newer Public Key Infrastructures were not using MD5. SHA-1 had become the predominant standard, and therefore, in most cases, migrating away from MD5 was not particularly painful.
Unfortunately, we suspect that this time, with SHA-1 and a migration to the SHA-2 family of algorithms, the migration may not be quite as easy. There seem to be many more legacy systems in large enterprises that don’t support SHA-2 (or don’t support RSA keys larger than 1024 bits, which is also a serious but separate issue). CSS has seen this coming for quite a while; in fact, PKI expert Wayne Harris blogged about this possibility in early 2011.
Suggested Solution
CSS’ guidance for any new enterprise PKI deployments starting January 2014 or beyond is to use SHA-2 across the board, for CA and end-entity certs alike. In situations where legacy systems are present that do not support SHA-2, it may be necessary to stand up an entirely separate PKI to support the older systems, while working to migrate everything to the newer algorithms. In short, where legacy support for SHA-1 is required, two entirely separate PKI hierarchies may be needed.
The good news is that this additional infrastructure does not require a lot of additional cost, other than the server licenses required to support it, and some space on a hypervisor host. CSS’ PKI oversight software suite, the Certificate Management System (CMS), can make keeping track of the PKI systems, and tracking the migration from one to the other, a relatively easy task. If the thought of building and operating this additional infrastructure still seems too daunting, CSS can operate or even host your dedicated public key infrastructure components as a managed service.
Please contact software@css-security.com with any questions or to obtain more information about the Certificate Management System (CMS).
The post SHA-1 Signed Certificates No Longer Trusted? appeared first on Certified Security Solutions.