28 February 2017
Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space. Maintained by Hanno Böck.
It’s been expected for a long time, now it’s finally happened: the research team from Marc Stevens at CWI Amsterdam teamed up with Google to create two files with the same SHA-1 hash. Hash functions like SHA-1 are an important building block of almost all cryptographic protocols. If collisions are found, they are considered broken for most cryptographic use cases.
While this is an important result, it wasn’t unexpected: In 2005 Xiaoyun Wang and her team found major weaknesses in SHA-1. Since then it was clear that breaking SHA-1 was just a matter of resources.
SHA-1 is used in TLS for several purposes. Certificate signatures utilized the hash function in the past, but pressure from browser vendors made certificate authorities switch to the stronger SHA256. However, there are still regular requests for exceptions in order to support old hardware. In response to the collision, Firefox has completely disabled support for SHA-1 signatures in certificates.
Signatures within the TLS handshake also often use SHA-1. TLS 1.1 uses a combination of SHA-1 and MD5. The newer TLS 1.2 allows different hash functions, but still provides an option for SHA-1. The weaknesses of these constructions have been investigated in the SLOTH research published last year.
This subscription is just for the newsletter; we won't send you anything else.
Designed by Ivan Ristić, the author of SSL Labs, Bulletproof SSL and TLS, and Hardenize, our course covers everything you need to know to deploy secure servers and encrypted web applications.
Remote and trainer-led, with small classes and a choice of timezones.
Join over 1,500 students who have benefited from more than a decade of deep TLS and PKI expertise.