Microsoft has taken a major step to diminish the industry's dependence on an older cryptographic hash function, which is still used to validate a majority of digital certificates around the world.
On Tuesday, the tech giant revealed a new policy that will no longer allow certificate authorities (CAs) to issue X.509 certificates using the SHA-1 hashing algorithm for secure socket layer (SSL) and code signing.
The policy takes effect after January 1, 2016, according to a post on Microsoft's Windows public key infrastructure (PKI) blog, and requires CAs to migrate to the stronger SHA-2 hashing algorithm.
“The policy affects CAs who are members of the Windows Root Certificate Program who issue publicly trusted certificates,” said the blog post, later explaining SHA-1's use among CAs since the late 90s and its role in securing more than 98 percent of certificates issued worldwide.
The company added that the change takes into consideration guidance from the National Institute of Standards and Technology (NIST) that SHA-1 “should not be trusted past January 2014.”
Of note, Chinese researchers were able to crack the SHA-1 algorithm back in 2005, despite previous assumptions that it was virtually unbreakable.
On Wednesday, Benjamin Jun, vice president and CTO of San Francisco-based Cryptography Research, a Divison of Rambus, told SCMagazine.com that 2012 revelations about Flame, sophisticated cyber espionage malware that targeted Iran's oil ministry, also intensified misgivings about the integrity of SHA-1 in the face of evolving threats.
The Flame campaign highlighted the first known malicious collision attack in the wild that exploited the MD5 algorithm, which Jun described as a “baby brother of SHA-1.”
“The Flame attack broke the hash function itself in a ‘collision attack,'” Jun said of MD5.
“SHA-1 is more sophisticated [than MD5], but I think it's appropriate to sunset its use in 2016,” Jun said.
The “SHA-1 Deprecation Policy” applies to Windows Vista and later, and Windows Server 2008 and later, the company said.
Microsoft also said that it would reconsider the policy deadline in July 2015. At that point in time, the company will assess whether SHA-1 is “still considered resistant to pre-image attacks by the security community,” and “whether a significant portion of the ecosystem is not capable of switching to SHA-2” – like third-party legacy systems and embedded devices that can't be upgraded to the preferred algorithm.
The coming changes to Microsoft's policy were announced on Patch Tuesday, the company's designated time each month to release security updates for its software.
On Tuesday, the company also advised users to disable the use of the RC4 encryption – a move it intends to support by providing a registry key via an update that allows developers to “eliminate RC4 as an available cipher in their applications.”
Microsoft recommended users employ AES-GCM in place of RC4.