Over a Quarter of the Encrypted Web Is About to Be Broken

Thankfully, the likes of Google, Microsoft and Mozilla are moving up a timetable to fix it.

Much of the web will soon be a lot less secure. That's because the cryptographic algorithm used to secure much of the world's online credit card transactions, browsing sessions, and internet banking sites is very, very close to being compromised by criminal hackers.

SHA-1, as the algorithm is called, was scheduled to lose support in all internet browsers by January 2017 at the latest. But last week, Google announced it was considering moving that date forward to July of next year, because of worries that SHA-1 would be broken much sooner. That move comes after Microsoft and Mozilla had already moved their cut-off dates to June and July 2016, respectively.

SHA-1 is a cryptographic hash function: an algorithm for taking plain data—be that text, or numbers, or anything else—and outputting a seemingly garbled up version of it, in a series of digits and letters, which is known as a hash. That process is designed to work only in one direction, so no one can figure out the original input from the hash. This differs from encryption, where generally the point is to encrypt a piece of information, and then decrypt it later for whatever reason.

Hashes are used not only to store data in a more secure way, such as passwords in a website's database, but also to create a way of verifying that data has not been tampered with. For instance, the SHA-1 hash of "Go on, make me a lovely little hash," is "f88e5b5ed38e7801ba39294cf4699f9867ad9729."

If I were to change even one letter of that statement, the entire hash would be different too. So with this, it's possible to compare the hash of one "original" piece of data with the hash of a supposed copy of it, to check whether somebody has modified the copy in any way.

One application of this is with passwords. When a (responsible) website first handles your password, it converts it into a hash, and then stores that. So "PASSWORD" might be "e75fd8bfd5a4819ae09942144ccb8b03393d99ad," and the next time you log in, the website hashes what you type and compares the result to the hash it has stored. That way, if the site were to be hacked, attackers would only get away with the hash, which is less useful than a password.

Loads of cryptographic hash functions exist, with various advantages over one another for different tasks, but SHA-1 is particularly popular for verifying digital certificates for web browsing.

Last year Google started warning users if sites used SHA-1-based signatures. Image: Google's security blog

These digital certificates are used to secure HTTPS browsing sessions, and to ensure that the site you're visiting is the real deal, rather than a malicious copycat, perhaps designed to steal login details as you type them in. In October of this year, SHA-1 was used for more than 28 percent of digital certificates.

But attacks against SHA-1 are becoming increasingly accessible to hackers, and those attacks would completely undermine the system of trust built on certificates that use the algorithm.

The whole point of hash functions is to create a unique hash, so data can be compared and known to be legitimate. However, in what is known as a "collision," two different inputs can produce the same hash. In a similar way to how encryption can be brute-forced, hashing algorithms can be targeted by sheer computing power in order to compromise them.
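The collision idea above, as an added example (not from the original article): SHA-1 is cut down to a few bits so that a brute-force search finishes in moments, which shows the work growing as roughly 2^(n/2) for an n-bit hash. The input strings and function names are made up for the illustration.

```python
import hashlib
from itertools import count

def truncated_sha1(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-1(data) as an integer."""
    full = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return full >> (160 - bits)

def find_collision(bits: int):
    """Hash distinct inputs until two share a truncated hash.

    Returns (first_input, second_input, hashes_computed).
    """
    seen = {}  # truncated hash -> input that produced it
    for i in count():
        msg = b"constructed input %d" % i  # sample inputs made up for this demo
        h = truncated_sha1(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg

def work_table(sizes=(16, 24, 32)):
    """Per output size: hashes actually needed vs. the 2^(n/2) birthday estimate."""
    rows = []
    for bits in sizes:
        a, b, tries = find_collision(bits)
        rows.append((bits, tries, 2 ** (bits // 2), a, b))
    return rows

if __name__ == "__main__":
    for bits, tries, estimate, a, b in work_table():
        print(f"{bits:>2}-bit hash: collision after {tries} hashes "
              f"(birthday estimate ~{estimate}): {a!r} / {b!r}")
```

At SHA-1's full 160 bits the same generic search would need on the order of 2^80 hashes, which is why output length alone once looked like enough protection.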

In 2012, Jesse Walker, an employee at Intel, estimated that an SHA-1 collision attack could be financed with around $2.77 million at the time. But Walker's estimates went on to say that the attack would fall dramatically in price, and would cost around $700,000 in Amazon servers in 2015, and $43,000 by 2021, per hash. Some of those figures are certainly not outside the budget of organized criminal groups, who sometimes rake in millions of dollars annually.

In October of this year, researchers published a paper claiming that the cost of breaking SHA-1 could hit budget prices even sooner, by making the most out of typical computer graphics cards.

"We just successfully broke the full inner layer of SHA-1. We now think that the state-of-the-art attack on full SHA-1 as described in 2013 may cost around $100,000 renting graphics cards in the cloud," Marc Stevens, a cryptographer who worked on the research, said in a press release published at the time.

In the wild, attacks on SHA-1 wouldn't just be some abstract, mathematical non-problem. Hackers could create spoofed certificates, and make fake banking or payment sites look totally legitimate to anyone who visited them, or sneak malware into seemingly innocent computer system updates.

Indeed, this sort of thing has happened with MD5, a notoriously weak hash function, which is no longer used for verifying browsing sessions. In 2008, researchers managed to create their own rogue Certificate Authority (CA), a body that issues the trusted certificates that the encrypted web is reliant on. Being able to do that means that the researchers could display pretty much any website of their choosing as secure: All it took was 200 PlayStation 3 consoles and $700 in test certificates.

Nation-state hackers have also used MD5 collisions to sign malicious code, making it appear the data came straight from Microsoft. This allowed the hackers to send attack code without triggering any alarm bells, because it seemed to come from a trusted vendor.

So this brings us to today, where the companies behind the world's most popular internet browsers are seemingly keen to get the switch from SHA-1 over as quickly as possible.

Starting in early 2016, Chrome will display a warning if a site is signed with an SHA-1-based signature, and, if the plan goes ahead, will not connect at all to offending sites by July 2016, according to Google's recent blog post. Certificate Authorities must also stop issuing SHA-1-based certificates next year, in line with the Baseline Requirements for SSL (SSL being a protocol used for encrypted web browsing).

It is rather an unsettling thought that the security of the world wide web is largely built upon trust, be that the authorities issuing certificates, or faith in the algorithms that keep the whole thing afloat. Now, it is clearly time to move away from any sites that are gambling with that trust.