Submitted via IRC for TheMightyBuzzard
Starting with Chrome 56, planned to be released to the wider public at the end of January 2017, Google will remove support for SHA-1 certificates.
"The SHA-1 cryptographic hash algorithm first showed signs of weakness over eleven years ago and recent research points to the imminent possibility of attacks that could directly impact the integrity of the Web PKI," Chrome Security team member Andrew Whalley explained.
“Website operators are urged to check for the use of SHA-1 certificates and immediately contact their CA for a SHA-256 [i.e. SHA-2] based replacement if any are found,” he advised.
Certificate Authorities stopped issuing SHA-1 signed SSL/TLS certificates on January 1, 2016, but some of them are still valid.
Source: https://www.helpnetsecurity.com/2016/11/17/browsers-stop-sha-1-certificates/
(Score: 2) by Username on Friday November 18 2016, @10:13PM
They should also set a date to remove support for SHA-2 in a few months, and start issuing SHA-3. So on and so forth.
(Score: 4, Informative) by NCommander on Friday November 18 2016, @10:36PM
Algromiths are only retired when they are broken, or at risk of a collision attack (which is the case of SHA-1). The SHA program is designed to have multiple algros available to provide diversity in the ecosystem, and I won't be surprised that browser support for SHA3 will be coming along soon. With SHA1, there are ways to basically cause a certificate collision, and get an unconstrained CA certificate that would be trusted by all major browsers. Right now, the attack likely requires nation-state resources but as MD5 showed, that bar will get lower and lower as time goes on.
SHA2 won't be retired until their are known weaknesses and/or breaks that will cause us to start the whole process over again.
Still always moving
(Score: 2) by RamiK on Friday November 18 2016, @11:23PM
Much of the SHA-2 set is practically within the reach of state actors: https://eprint.iacr.org/2016/374.pdf [iacr.org]
Regardless, throw out general purpose programming and I'm sure a custom DSP could run circles around those super-computers with their over-sized caches and deep predictive trees causing all manner of latencies.
compiling...
(Score: 2) by RamiK on Friday November 18 2016, @10:46PM
SHA-2 includes SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256.
SHA-224 isn't in TLS 1.3 since it's been shown to have issues. If SHA-256 shows any weaknesses they'll remove it too when the time comes.
compiling...