Microsoft considers blocking SHA-1 certificates after cost of collisions slashed

Microsoft may phase out support for TLS certificates that use the SHA-1 hashing algorithm as early as June 2016. The decision comes in the wake of recent calculations that suggest generating collisions is quicker and cheaper than previously anticipated.

SHA-1 is a hash algorithm, used to derive a 128-bit value from an arbitrary input. Its intent is for collisions—different inputs that hash to the same 128-bit value—to be hard to generate. As compute power has steadily grown over the years, it becomes quicker and cheaper to generate collisions. It was previously projected by Bruce Schneier, based on the observed growth of compute power, that creating SHA-1 collisions would be within reach of criminals by 2018 at a cost of about $173,000. On this basis, Microsoft intended to cease supporting the use of new SSL/TLS certificates using SHA-1 on January 1, 2016 and all SHA-1 SSL/TLS certificates on January 1, 2017.

The new cost and performance estimates, however, suggest that the cost is both drastically lower—$75,000 to $120,000—and that the compute resources are immediately available through cloud services such as Amazon EC2. This has given browser vendors little option but to reconsider the previous 2017 timetable for retiring support of SHA-1.

Read 2 remaining paragraphs | Comments