Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Friday December 11 2015, @04:55PM   Printer-friendly
from the failure-to-communicate dept.

http://arstechnica.com/security/2015/12/sha1-sunset-will-block-millions-from-encrypted-net-facebook-warns/

SHA1 certificates for secure SSL/TLS communications are deprecated due to known computational vulnerabilities. To ensure secure communications, a forced deprecation sounds reasonable (i.e. refuse to connect to these). That has the side effect that it will lock out many users who are unable to use stronger hashes such as SHA256. However, if a fallback to SHA1 is provided (as Facebook is proposing), everyone will be vulnerable to SHA1 downgrade man-in-the-middle attacks.

What to do?


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by vux984 on Friday December 11 2015, @05:08PM

    by vux984 (5045) on Friday December 11 2015, @05:08PM (#275027)

    It says 7% of the worlds browsers don't support SHA256, which I can accept.
    But what percentage of that 7% can't upgrade or install a modern browser alongside their antique (if for some reason they absolutely must continue using IE5 for something -- which sadly is a real thing. )

    If 95% of the users on old browsers can simply download chrome or firefox or whatever then this is a much smaller problem then they claim.

    • (Score: 0) by Anonymous Coward on Friday December 11 2015, @05:12PM

      by Anonymous Coward on Friday December 11 2015, @05:12PM (#275033)

      I don't know which versions of web browsers are supported, but the major browsers no longer install on at least old versions of OSX. I still support the forced transition instead of downgrade support.

      • (Score: 2, Redundant) by pendorbound on Friday December 11 2015, @05:22PM

        by pendorbound (2688) on Friday December 11 2015, @05:22PM (#275043) Homepage

        Current Firefox installs down to SnowLeopard which was released in 2009. The last PPC-based Mac (that can't update to Snowy) was released in 2006.

        No question you still have people out there using PPC Mac's, but I think it's time... Maybe someone can backport SHA-256 to Firefox 16.

        • (Score: 4, Informative) by SomeGuy on Friday December 11 2015, @06:07PM

          by SomeGuy (5632) on Friday December 11 2015, @06:07PM (#275068)

          No question you still have people out there using PPC Mac's, but I think it's time... Maybe someone can backport SHA-256 to Firefox 16.

          Already done.

          Firefox 38.4.0 ESR for Mac OS 10.4 and 10.5 on Mac PPC: http://www.floodgap.com/software/tenfourfox/ [floodgap.com]

    • (Score: 0) by Anonymous Coward on Friday December 11 2015, @07:49PM

      by Anonymous Coward on Friday December 11 2015, @07:49PM (#275117)

      Facebook, "caring" for its users?

      Uh, OK...

      • (Score: 0) by Anonymous Coward on Friday December 11 2015, @11:08PM

        by Anonymous Coward on Friday December 11 2015, @11:08PM (#275207)

        Facebook do care about their users, because the number of users affects the valuation of the company. The wrong decision here could lead to a drop in Facebook's monthly unique visitors. Even if investors understand the reason for the decrease, the stock price might suffer.

  • (Score: 4, Insightful) by bradley13 on Friday December 11 2015, @05:09PM

    by bradley13 (3053) Subscriber Badge on Friday December 11 2015, @05:09PM (#275028) Homepage Journal

    I see the problem - some people with older systems will be unable to use https. Many of them won't even understand why.

    On the other hand, if we don't force-deprecate SHA1, many end users - and too many web services - will never bother to update. And we will be in exactly the same position in 2 years or even 5 years time.

    --
    Everyone is somebody else's weirdo.
    • (Score: 0, Insightful) by Anonymous Coward on Friday December 11 2015, @05:34PM

      by Anonymous Coward on Friday December 11 2015, @05:34PM (#275051)

      That's fine but......

      I have a openWRT router that I can't upgrade and don't want to. It is not in danger of MIM attacks do to where/how it's used. But I have to keep an old Browser to access it.

      A better idea would be to let me change the TLS like I used to before FF x.x.x was forced on me. Or even just a click thru warning. If ignore it then it's your problem.

      • (Score: 1, Insightful) by Anonymous Coward on Friday December 11 2015, @05:59PM

        by Anonymous Coward on Friday December 11 2015, @05:59PM (#275064)

        What's wrong with using an old browser to access that router, and a new one for accessing the internet? It even gives you additional security, as an internet exploit won't be able to access your local router even if you're logged into it during browsing the net.

    • (Score: 0) by Anonymous Coward on Friday December 11 2015, @05:58PM

      by Anonymous Coward on Friday December 11 2015, @05:58PM (#275063)

      target.com just served me a HMAC-SHA1 cert on checkout.

      They didn't learn much from their data breach last year.

      • (Score: 0) by Anonymous Coward on Friday December 11 2015, @06:08PM

        by Anonymous Coward on Friday December 11 2015, @06:08PM (#275070)

        Why would they? You don't actually think corporations care about you do you?

        • (Score: 2) by Nollij on Friday December 11 2015, @09:49PM

          by Nollij (4559) on Friday December 11 2015, @09:49PM (#275161)

          Care about us? Of course not.
          But I would think they care about themselves, and that breach was expensive. $67 million of expensive [nbcnews.com]

      • (Score: 0) by Anonymous Coward on Friday December 11 2015, @06:50PM

        by Anonymous Coward on Friday December 11 2015, @06:50PM (#275093)

        Does that really matter in practice? You think the hackers will spend time cracking SHA1 to MITM your connection? If the hackers wanted to they would most likely hack Target directly just like they did before. And it would still probably be easier than cracking SHA1. Same probably applies to most sites.

        And if the big guys/high end hackers wanted to they'd just get a pwned/friendly CA to sign the certs to MITM you. Your browsers will trust those certs by default[1]- spanking brand new 256 bit SHA hash and all. How many of the "important" sites you frequent use certificate pinning anyway?

        [1] Most browsers trust very many CAs by default. More than most people should trust. I've revoked trust on many of the CA certs on Firefox and I definitely don't need most of those CA certs around to use the sites I use. If you're paranoid run a different instance of firefox for your online banking and revoke trust on all the CAs except the ones your bank uses, or use certificate patrol.

        If you use Chrome on Windows or IE, there is no way to know of all the certificates that your browser trusts. Please read: http://www.proper.com/root-cert-problem/ [proper.com]

        • (Score: 2) by edIII on Friday December 11 2015, @08:44PM

          by edIII (791) Subscriber Badge on Friday December 11 2015, @08:44PM (#275140)

          If the hackers wanted to they would most likely hack Target directly just like they did before. And it would still probably be easier than cracking SHA1.

          In what world is attacking the HVAC system to access internal networks a direct attack? They literally went through the air conditioner to attack Target. SHA1 probably never even applied, but I'm not aware of what exploit they used against it.

          --
          Technically, lunchtime is at any moment. It's just a wave function.
          • (Score: 0) by Anonymous Coward on Saturday December 12 2015, @07:02PM

            by Anonymous Coward on Saturday December 12 2015, @07:02PM (#275477)
            In a world where attacking a bank via its HVAC system is like attacking a bank directly and attacking a bank's customer's connections to the bank is not attacking the bank directly.

            You're basically supporting my point even though you can't see it. Especially with your "SHA1 probably never even applied," too. Interesting you could see that but not realize what it means in the big picture.
    • (Score: 3, Informative) by frojack on Friday December 11 2015, @08:03PM

      by frojack (1554) Subscriber Badge on Friday December 11 2015, @08:03PM (#275124) Journal

      Facebook already has a work-around [facebook.com] to force downgrade to http from their https-by-default policy.

      (I find it odd that facebook, which is all about duping everyone into releasing every private detail of their lives to the world is even bothering with https).

       

      --
      No, you are mistaken. I've always had this sig.
  • (Score: 5, Insightful) by Anonymous Coward on Friday December 11 2015, @05:14PM

    by Anonymous Coward on Friday December 11 2015, @05:14PM (#275034)

    Who the fuck cares what Facebook warns about? Fuckerberg can go choke on a bucket of dongs.

    • (Score: 2, Disagree) by SomeGuy on Friday December 11 2015, @06:15PM

      by SomeGuy (5632) on Friday December 11 2015, @06:15PM (#275077)

      Really, secure connections should only be needed for truly sensitive data like banking. It is a rather sad state of affairs that a login to some dumb social media site is considered a matter of life and death.

      • (Score: 0) by Anonymous Coward on Friday December 11 2015, @06:21PM

        by Anonymous Coward on Friday December 11 2015, @06:21PM (#275081)

        Well you might like having all your non critical communications in plaintext and monitored by a half dozen countries, but I don't.

      • (Score: 3, Informative) by Anonymous Coward on Friday December 11 2015, @06:52PM

        by Anonymous Coward on Friday December 11 2015, @06:52PM (#275096)

        Secure connections should be used for all transmission of credentials.

      • (Score: -1, Troll) by Anonymous Coward on Friday December 11 2015, @07:44PM

        by Anonymous Coward on Friday December 11 2015, @07:44PM (#275112)

        It is a rather sad state of affairs that a login to some dumb social media site is considered a matter of life and death.

        Maybe not death but life. So much can go wrong. False flag etc. Ready to be "gang raped" by the system and everyone who thinks you're a pedophile?

        And why are you SomeGuy? Is that your real name or is your real name truly sensitive data too? A matter of life and death?

        • (Score: 2) by cafebabe on Saturday December 12 2015, @07:47AM

          by cafebabe (894) on Saturday December 12 2015, @07:47AM (#275330) Journal

          At times like this, I wish that I had picked a witty username like WitnessProtected or TheFBI [bash.org].

          --
          1702845791×2
      • (Score: 2, Insightful) by Anonymous Coward on Friday December 11 2015, @10:26PM

        by Anonymous Coward on Friday December 11 2015, @10:26PM (#275188)

        > Really, secure connections should only be needed for truly sensitive data like banking.

        No, secure connections should be used for ALL data. Otherwise it calls attention to itself and makes it easy for attackers to focus on the most valuable network traffic.

        This is a case of "a rising tide lifts all boats."

  • (Score: 5, Insightful) by pendorbound on Friday December 11 2015, @05:17PM

    by pendorbound (2688) on Friday December 11 2015, @05:17PM (#275037) Homepage

    Two options:

    1) A small number of users get an obvious error message that says they can't connect securely.
    2) The entire world thinks they're connecting securely while secretly getting downgraded and probably having no idea there's an MitM in place.

    Break the 7%. No question it's better than see an error & know you're insecure than have get no warning that you're insecure.

    • (Score: 3, Interesting) by tempest on Friday December 11 2015, @05:54PM

      by tempest (3050) on Friday December 11 2015, @05:54PM (#275061)

      I find it hard to believe this 7% isn't finding most of the internet dysfunctional already. If you're using windows XP with service pack 2 or lower, you have a lot more issues than this.

      The bigger problem is that you may not get an "obvious" error. I had this kind of issue a few weeks ago when a vendor was complaining they couldn't connect to a website because of "networking problems". Eventually I tracked it back to the version of IE they were using didn't support the required encryption to connect to the site. But the error was "cannot connect" with the usual Microsoft kind of "there could be a million things that are wrong" debugging help.

      • (Score: 0) by Anonymous Coward on Friday December 11 2015, @06:13PM

        by Anonymous Coward on Friday December 11 2015, @06:13PM (#275075)

        I have an Ancient GnuSense Laptop that I have not gotten around to upgrading yet. I get similar mysterious failure. Sometimes websites will work for a while, then suddenly refuse to (looking at you ixquick).

        I strongly suspect lack of support for newer hash algorithms is the problem.

    • (Score: 3, Interesting) by Hyperturtle on Friday December 11 2015, @08:05PM

      by Hyperturtle (2824) on Friday December 11 2015, @08:05PM (#275125)

      Can I still have the option to visit a site in cleartext?

      I promise not to log in if they take away the ability for me to log in and share personal data in clear text.

      It may be I just want to read something and don't want to have to replace old hardware to do it.

      Sort of like how hard it has become to set up a personal file share that various devices can access without having to fight the requirement for a cloud of some kind. Some hardware is designed to never connect locally and always to some remote service with terms of services that may change...

      It'd be nice if there was still an internet out there that was cleartext and low bandwidth and worked on older devices. I'd visit it. I guess there would be less sites due to the ads probably not working on such a model, but I can probably donate to a site following that model. I'd probably set one up myself...like how people used to have geocities pages or use their free 2MB of space given by their dialup provider in amazingly low bandwidth ways...

      • (Score: 0) by Anonymous Coward on Friday December 11 2015, @10:10PM

        by Anonymous Coward on Friday December 11 2015, @10:10PM (#275178)

        You may be interested in Gopher. Browser support has been removed over the years, rather than maintained, however.

        I have interest in (but have not tired) CJDNS, but that does not meet your "cleartext" criteria. Gopher should work fine over it though (If you have an IPv6 aware gopher host)

        • (Score: 2) by Hyperturtle on Monday December 14 2015, @12:37AM

          by Hyperturtle (2824) on Monday December 14 2015, @12:37AM (#275922)

          I'll give that a shot. I still like to stumble across telnet BBS's -- some that are in ANSI are a rare treat to behold.

  • (Score: 0, Insightful) by Anonymous Coward on Friday December 11 2015, @05:30PM

    by Anonymous Coward on Friday December 11 2015, @05:30PM (#275049)

    Can't have granny being blocked from facebook... That'd be aweful. FB *IS* the internet!

  • (Score: 1, Insightful) by Anonymous Coward on Friday December 11 2015, @05:55PM

    by Anonymous Coward on Friday December 11 2015, @05:55PM (#275062)

    Why not simply have browsers deny any connection with SHA1? This will protect users of modern browsers from forced downgrading (because the browser won't accept the downgrade), but not block the users of outdated browsers (because those will, of course, not refuse to use SHA1).

    • (Score: 3, Funny) by dyingtolive on Friday December 11 2015, @06:09PM

      by dyingtolive (952) on Friday December 11 2015, @06:09PM (#275071)

      Are... are you really advocating a new version of software as a solution to issues caused by people not upgrading to new versions of software?

      --
      Don't blame me, I voted for moose wang!
    • (Score: 2) by Lunix Nutcase on Friday December 11 2015, @06:13PM

      by Lunix Nutcase (3913) on Friday December 11 2015, @06:13PM (#275074)

      Why not simply have browsers deny any connection with SHA1?

      Because that doesn't actually help here. The entire point this is an issue is due to people who can't upgrade their browser and your solution wold require... updating the browser.

  • (Score: 0) by Anonymous Coward on Friday December 11 2015, @06:04PM

    by Anonymous Coward on Friday December 11 2015, @06:04PM (#275067)

    One thing that worries me is that OpenPGP uses SHA1 for fingerprints. A longer hash would be even more unwieldy.

  • (Score: 2) by RamiK on Friday December 11 2015, @06:59PM

    by RamiK (1813) on Friday December 11 2015, @06:59PM (#275098)

    It's just as secure.

    --
    compiling...
    • (Score: 0) by Anonymous Coward on Friday December 11 2015, @07:04PM

      by Anonymous Coward on Friday December 11 2015, @07:04PM (#275100)

      IPSEC is supposed to let you secure legacy protocols like HTTP and gopher.

      • (Score: 2) by RamiK on Friday December 11 2015, @07:38PM

        by RamiK (1813) on Friday December 11 2015, @07:38PM (#275108)

        IPsec has SHA1 as well.

        --
        compiling...
        • (Score: 1, Interesting) by Anonymous Coward on Friday December 11 2015, @08:11PM

          by Anonymous Coward on Friday December 11 2015, @08:11PM (#275127)

          dammit. Sound like MD5 all over again.

          To this day, POP, SMTP, SIP (possibly a stretch to include this one), PPPoE all use MD5 hashing as their strongest form of authentication.

          • (Score: 0) by Anonymous Coward on Saturday December 12 2015, @02:51AM

            by Anonymous Coward on Saturday December 12 2015, @02:51AM (#275281)

            That is just not true for at least some of the protocols you cited. For example, SMTP can use any registered SASL. There are many different versions, including SCRAM-SHA-256, that do not have MD5 be their strongest form.

  • (Score: 3, Insightful) by VanderDecken on Friday December 11 2015, @11:15PM

    by VanderDecken (5216) on Friday December 11 2015, @11:15PM (#275212)

    It makes you wonder how many are embedded devices that (for good or bad) are talking to external systems. If so, that's a serious update nightmare that is already causing problems with other vulnerabilities.

    --
    The two most common elements in the universe are hydrogen and stupidity.