It's the end of SHA-1 and I feel fine

Google has proven SHA-1 cryptography is no longer safe, but then we've known this day had been coming for years.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

When the National Security Agency (NSA) introduced Secure Hash Algorithm 1 (SHA-1) in 2002 as an approved cryptographic security algorithm, it was practically unbreakable. That was a long, long time ago.

Since then, SHA-1 has been used in numerous secure applications. These include web Secure Sockets Layer (SSL) certificates, encrypted communications, and code revision control systems such as Git.

But, even as it was being widely used, some SHA-1 implementations were being cracked. Experts soon realized it was only a matter of time before the core algorithm itself was busted. By January 2011, the National Institute of Standards and Technology (NIST) started discouraging SHA-1's use.

Even earlier than NIST, Microsoft told its developers to plan on no longer using SHA-1 by Jan. 1, 2016. It wasn't the only vendor to give up on SHA-1. Google began to deprecate SHA-1 support in web digital certificates in 2014.

In that same year, the OpenSSL Heartbleed zero day vulnerability made many websites reconsider using SHA-1. While Heartbleed didn't crack SHA-1, it did encourage them to upgrade their security certificates to SHA-2.

SHA-2 uses the same basic algorithm as SHA-1, but with different input and output sizes for far superior security. SHA-2 includes a series of SHA options designated by the size of the generated hash: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256. NIST approved SHA-3, which uses a new algorithm, in 2015. However, there are few practical SHA-3 implementations. Thus, SHA-2 remains the most widely used secure hash family.

By 2015, all the major browser makers (Mozilla with Firefox, Microsoft with Internet Explorer and Edge, and Google with Chrome) had announced plans to block "secure" web sites that used SHA-1-based certificates. True, some sites were still using outdated security, but if you used an up-to-date browser you couldn't reach those sites. This caused Firefox, for a limited time, to reinstate SHA-1 support. Within the next few months, all the browser companies will require SHA-2.
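The browser policy above boils down to one field in an X.509 certificate: the signature algorithm, whose OID names the hash the issuing CA used. The check below is an added example, not code from the article or from any browser vendor. It uses only the Python standard library, walks the three top-level DER fields of a Certificate (tbsCertificate, signatureAlgorithm, signatureValue), decodes the signature-algorithm OID, and flags MD5 and SHA-1 signatures. The "certificates" it runs on are constructed DER skeletons with the right outer shape, not real certificates; the OID-to-hash table is from RFC 3279, RFC 4055 and RFC 5758.

```python
"""Flag X.509 certificates whose signature algorithm relies on SHA-1 or MD5.

Added example (not from the article). Standard library only: a minimal DER
walker that reads the outer Certificate SEQUENCE, skips tbsCertificate, and
decodes the signatureAlgorithm OID. Input certificates are constructed here
for illustration and are not real certificates.
"""

# Signature-algorithm OID -> hash function it uses (RFC 3279 / 4055 / 5758).
SIG_ALG_HASH = {
    "1.2.840.113549.1.1.4": "MD5",       # md5WithRSAEncryption
    "1.2.840.113549.1.1.5": "SHA-1",     # sha1WithRSAEncryption
    "1.2.840.10045.4.1": "SHA-1",        # ecdsa-with-SHA1
    "1.2.840.113549.1.1.11": "SHA-256",  # sha256WithRSAEncryption
    "1.2.840.113549.1.1.12": "SHA-384",  # sha384WithRSAEncryption
    "1.2.840.113549.1.1.13": "SHA-512",  # sha512WithRSAEncryption
    "1.2.840.10045.4.3.2": "SHA-256",    # ecdsa-with-SHA256
    "1.2.840.10045.4.3.3": "SHA-384",    # ecdsa-with-SHA384
    "1.2.840.10045.4.3.4": "SHA-512",    # ecdsa-with-SHA512
}
WEAK_HASHES = {"MD5", "SHA-1"}


def der_read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the DER element starting at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(raw):
    """Decode DER OID content bytes into dotted form (first byte packs two arcs)."""
    arcs = [raw[0] // 40, raw[0] % 40]
    value = 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:      # high bit clear ends a base-128 arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def signature_hash(cert_der):
    """Return (signature OID, hash name) from the outer signatureAlgorithm field."""
    tag, cert, _ = der_read_tlv(cert_der, 0)
    assert tag == 0x30, "Certificate must be a SEQUENCE"
    _, _tbs, pos = der_read_tlv(cert, 0)          # tbsCertificate, skipped here
    tag, alg_id, _ = der_read_tlv(cert, pos)      # AlgorithmIdentifier SEQUENCE
    assert tag == 0x30
    tag, oid_raw, _ = der_read_tlv(alg_id, 0)     # first element is the OID
    assert tag == 0x06
    oid = decode_oid(oid_raw)
    return oid, SIG_ALG_HASH.get(oid, "unknown")


def is_weak(cert_der):
    """True when the certificate signature uses a hash browsers reject (MD5, SHA-1)."""
    return signature_hash(cert_der)[1] in WEAK_HASHES


# --- constructed test data (DER encoder used only to build sample input) ---

def der(tag, content):
    """Encode one DER element, using long-form length when content >= 128 bytes."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def encode_oid(dotted):
    """Encode a dotted OID into DER content bytes (base-128 arcs, high-bit continuation)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def constructed_cert(sig_oid, tbs_len=300):
    """Constructed, cert-shaped DER: SEQ{ SEQ(filler tbs), SEQ{OID, NULL}, BIT STRING }."""
    tbs = der(0x30, b"\x00" * tbs_len)               # placeholder tbsCertificate
    alg = der(0x30, der(0x06, encode_oid(sig_oid)) + der(0x05, b""))
    sig = der(0x03, b"\x00" * 33)                    # BIT STRING, 0 unused bits
    return der(0x30, tbs + alg + sig)


if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.5", "1.2.840.113549.1.1.11", "1.2.840.10045.4.3.2"):
        cert = constructed_cert(oid)
        print(oid, signature_hash(cert)[1], "WEAK" if is_weak(cert) else "ok")
```

On a real certificate the same walker applies, since `der_read_tlv` handles long-form lengths and skips tbsCertificate whole; a production check should additionally confirm that the `signature` field inside tbsCertificate names the same OID as the outer field (RFC 5280 requires them to match) and should inspect every certificate in the chain, not only the leaf, because a SHA-1 intermediate is rejected just the same.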

So, while it's very interesting that Google has announced the first SHA-1 collision, practically speaking it's not as important as some people might have you believe. True, as Google points out, it's to be hoped that "SHA-1 will finally convince the industry that it is urgent to move to safer alternatives such as SHA-256." But are that many people using modern technology still using SHA-1?

By fall 2015, Netcraft said there were under a million websites still using SHA-1. In January 2017, Netcraft reported there were 1.8 billion websites total. There simply aren't that many sites still using SHA-1.

Besides, as Matthew, a security consultant, pointed out on StackExchange: "Currently, given the specific collision method used, the impact is quite limited." He continued, "the Google announcement mostly just confirms what had been suspected for a while -- SHA-1 is vulnerable to collisions, just as MD5 was, but finding them requires a lot of effort, and most of the really high profile targets (such as generating CA certificates) have mitigation in place from the very similar MD5 collisions found previously. Experts have been advising moving from SHA-1 for a while now, and this advice still stands."

As for other SHA uses, Peter Gutmann, a cryptography expert at the University of Auckland, New Zealand, wrote, "After sitting through an endless flood of headless-chicken messages ... I thought I'd do a quick writeup about what this actually means. In short: Reports of SHA-1's demise are considerably exaggerated."

Gutmann continued, Google's "presentation of the results is detailed and accurate, it's the panicked misinterpretation of those results that are the problem. The only real-world problem isn't with e-mail, SSL, SSH, IPsec, etc., etc. it's with long-term document signing and certificates."

In other words, while SHA-1 has indeed reached the end of the road, we've already set up the detour signs years ago. For those few people still using SHA-1, it's time to move on. But most of us have already left SHA-1 behind in our rear-view mirrors.
