What is SHA-1 and how is it used?
SHA-1 (Secure Hash Algorithm 1) is one of four standardized cryptographic algorithms in the Secure Hash Algorithm family, developed by the United States National Security Agency and published by the National Institute of Standards and Technology (NIST). SHA-0 was the first of the family, published in 1993 under the name SHA. In 1995 SHA-1 was published as a correction to SHA-0 weaknesses. Like other hashes, SHA-1 irreversibly transforms a string of input characters (the message) into a shorter, fixed-length output (the message digest or hash); the hash serves as a cryptographic fingerprint of the original character string.
Hashes are used to digitally sign content to assure the content’s integrity. For example, a hash of an electronic file can be transmitted along with the electronic file itself to substantiate authenticity. If the electronic file is hashed by the SHA-1 algorithm before and after transmission and the post-transmission hash matches the pre-transmission hash, the received file was transmitted without error and can be considered authentic.
Hashes validate many types of electronic content, including identification content (assuring you are who you say you are). Similarly, hashes are used as part of the secure information exchange between your browser and a website you visit. The browser uses hashes to assure that a neutral, trusted third-party service called a Certificate Authority (CA) is authentic. The CA in turn interacts with your browser to (i) let you know that the website is authentic (the lock you see in your browser comes from a CA-issued certificate) and (ii) facilitate encryption between your browser and the website. This layered communication between the CA, your browser, and the website depends on hash functions like SHA-1 and on the encryption infrastructure called Public Key Infrastructure (PKI).
Why are hash algorithms like SHA-1 so important?
SHA-1 is widely used in security protocols and applications, including the encryption used to securely connect to websites, Virtual Private Networks (VPNs), secure email delivery, Public Key Infrastructure (PKI) and most secure network connectivity. Some of the better-known protocols that use SHA-1 include TLS, SSL, PGP, SSH, S/MIME, and IPSec.
As a unique mathematical fingerprint of its message input, a hash must meet two conditions to be useful. It must be:
- Unique
- Irreversible
For example, if the electronic message to be hashed were a 3,000 word essay, the change of a single comma would create a new, unique hash. SHA-1 hashes are 40 hexadecimal digits long, and if the hash is secure, it cannot be mathematically reversed back to the electronic version of the 3,000 word essay.
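The integrity check described earlier (hash before sending, hash again after receipt, compare) and the two properties just listed can both be seen in a few lines of Python. The block below is an added example, not code from the original article; the sample message is constructed here, and it assumes the sender's digest reaches the receiver through a channel the sender trusts (in practice a signature or a separate trusted download), since a digest that travels unprotected next to the file only detects accidental corruption, not deliberate replacement of both.

```python
import hashlib
import hmac


def sha1_hex(data: bytes) -> str:
    """SHA-1 digest of data as 40 hexadecimal digits (160 bits)."""
    return hashlib.sha1(data).hexdigest()


def verify_transfer(received: bytes, expected_hex: str) -> bool:
    """Re-hash the received bytes and compare with the digest sent with them.
    compare_digest is a constant-time comparison, so the check cannot be
    probed byte by byte through timing differences."""
    return hmac.compare_digest(sha1_hex(received), expected_hex)


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Count the bit positions in which two same-length hex digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


# Constructed sample content standing in for the essay in the text.
ORIGINAL = b"Hashes give a fixed-length fingerprint of a message, however long it is."
SENDER_DIGEST = sha1_hex(ORIGINAL)  # sent alongside the file


def demo() -> dict:
    # The receiver's copy arrived intact: digests match.
    intact_ok = verify_transfer(ORIGINAL, SENDER_DIGEST)
    # The same copy with a single comma removed: the digest no longer matches,
    # and roughly half of its 160 bits differ (the avalanche effect).
    altered = ORIGINAL.replace(b",", b"", 1)
    altered_ok = verify_transfer(altered, SENDER_DIGEST)
    changed = differing_bits(SENDER_DIGEST, sha1_hex(altered))
    return {
        "digest_hex_length": len(SENDER_DIGEST),
        "intact_verifies": intact_ok,
        "altered_verifies": altered_ok,
        "bits_changed_by_one_comma": changed,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it prints a 40-digit length, `True` for the intact copy, `False` for the copy missing one comma, and a bit-difference count near 80: removing one character does not nudge the digest, it replaces it with an unrelated value.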
Like any system, a hash can be broken with enough effort. If an attacker can find two different inputs that yield the same output from the hash algorithm, a collision occurs, opening the door to forgery and impersonation. Similarly, if the hash algorithm can be mathematically reversed to reveal the original message, the hash algorithm's useful life is over.
What is the problem with SHA-1?
The relative strength of SHA-1 is measured by the bit length of its message digest or hash; SHA-1 has a 160-bit message digest. With the progression of computing power, SHA-1 can now be mathematically defeated with less than $100,000 worth of computing power. Further SHA-1 weaknesses are described below.
- Most SHA-1 hashes today can be translated back to their original message by applications and websites that look up previously computed hash-to-message pairs, using tools like rainbow tables.
- Cryptography expert Marc Stevens documents a 2011 attack in which hash collisions demonstrated the weakness and insufficiency of SHA-1.
- The InfoWorld October 2015 article titled "SHA-1 hashing algorithm could succumb to $75K attack, researchers say" describes how the use of freely available cloud computing facilities makes a SHA-1 collision affordable to online criminal groups.
- Cryptography expert Bruce Schneier discusses in his October 2015 blog how a break of the full SHA-1 was possible with only 10 days of computation on a 64 GPU cluster.
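Why digest length sets the baseline strength, and why the cost figures above are alarming, can be shown with a small birthday-bound experiment. This is an added example, not the article's own material: it truncates SHA-1 to a chosen number of bits and runs the generic collision search that works against any hash, whose expected cost is about the square root of the output space (roughly 2^80 hashes for the full 160 bits). The published attacks on SHA-1 exploit structural weaknesses to finish far below that generic bound, which is what makes them affordable. The messages hashed here are constructed, and the 20-bit truncation is only for illustration.

```python
import hashlib
import math

DIGEST_BITS = 160  # full SHA-1 output length


def truncated_sha1(data: bytes, bits: int) -> int:
    """The first `bits` bits of SHA-1(data), as an integer."""
    full = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return full >> (DIGEST_BITS - bits)


def expected_birthday_trials(bits: int) -> float:
    """Mean number of hashes computed before two of them share an n-bit value
    for an ideal hash: about sqrt(pi/2 * 2^n). For n = 160 that is ~2^80."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_collision(bits: int, limit: int = 1 << 22):
    """Generic birthday search on a `bits`-bit truncation of SHA-1.
    Hashes distinct constructed messages until two share a truncated digest.
    Returns (message_a, message_b, hashes_computed), or None if limit is hit."""
    seen = {}
    for i in range(limit):
        msg = b"document-%d" % i  # constructed, all distinct
        value = truncated_sha1(msg, bits)
        if value in seen:
            return seen[value], msg, i + 1
        seen[value] = msg
    return None


def demo(bits: int = 20) -> dict:
    """Compare the observed search cost on a truncated hash with the
    birthday estimate, and report the estimate for the full 160 bits."""
    msg_a, msg_b, hashes_computed = find_collision(bits)
    return {
        "truncation_bits": bits,
        "colliding_messages": (msg_a, msg_b),
        "shared_prefix_hex": format(truncated_sha1(msg_a, bits), "x"),
        "hashes_computed": hashes_computed,
        "birthday_estimate": round(expected_birthday_trials(bits)),
        "full_sha1_estimate": expected_birthday_trials(DIGEST_BITS),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Doubling the truncation length squares the search space but only doubles the square-root work, so every extra bit of digest buys half a bit of collision resistance; that is the arithmetic behind "strength is measured by bit length", and behind the move to the 256-bit and longer digests of SHA-2 and SHA-3.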
SHA-1 is no longer secure and needs to be replaced by newer, more complex hashes like SHA-2 and SHA-3. This need extends to all systems that use SHA-1, both internal and public facing. Almost all systems today, from workstations to servers and regardless of business size, interact with one or more computers that are encumbered by SHA-1 technology. This fact creates a second issue: application compatibility. As early as July of 2016 major tech firms will block SHA-1 certificates.
- PC World reports that Microsoft is considering blocking SHA-1 certificates as early as June 2016.
- On January 1, 2016, Microsoft products, including Internet Explorer, will cease to trust SHA-1 code signing certificates.
- On January 1, 2017, Microsoft products will cease to trust SHA-1 website SSL certificates.
- Microsoft Windows XP SP2 and prior releases do not support SHA-2.
What should you do?
Understand the system dependencies on SHA-1 for both your systems and those that you rely upon and get started on the upgrade and testing projects. There is no shortage of code that breaks when you attempt to introduce SHA-2 or SHA-3. If you have a SHA-1 based PKI and you have not started the upgrade path, your timeline may already be challenged, particularly if your implementation is large or your maintenance windows are few.
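Understanding where SHA-1 is used starts with an inventory. The block below is an added example, not the article's own tooling: a small scanner that classifies SHA-1 indicators in collected text (certificate dumps from `openssl x509 -text`, configuration files, source code) so the findings can be grouped into upgrade work items. The indicator names follow OpenSSL, Java and Python conventions; the sample lines are constructed for the demonstration, and the pattern list is illustrative rather than exhaustive.

```python
import re
from collections import Counter

# Indicators of SHA-1 use, most specific first; the scanner reports the first
# category that matches a line.
SHA1_INDICATORS = {
    "certificate signature": re.compile(
        r"sha1WithRSAEncryption|ecdsa-with-SHA1|dsaWithSHA1", re.I),
    "source code call": re.compile(
        r"hashlib\.sha1\(|EVP_sha1\(|getInstance\(\s*[\"']SHA-?1[\"']", re.I),
    "configuration value": re.compile(r"\bSHA-?1\b", re.I),
}


def find_sha1_references(lines):
    """Return (line_number, category, stripped_line) for every line that
    carries a SHA-1 indicator. SHA-2 names such as sha256 never match."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for category, pattern in SHA1_INDICATORS.items():
            if pattern.search(line):
                hits.append((number, category, line.strip()))
                break
    return hits


def summarize(hits):
    """Count findings per category, the shape an upgrade plan is built from."""
    return Counter(category for _, category, _ in hits)


# Constructed sample lines imitating what an inventory sweep would collect.
SAMPLE_LINES = [
    "        Signature Algorithm: sha1WithRSAEncryption",    # openssl x509 -text
    "        Signature Algorithm: sha256WithRSAEncryption",
    "    digest = hashlib.sha1(payload).hexdigest()",         # Python source
    "    digest = hashlib.sha256(payload).hexdigest()",
    '    MessageDigest md = MessageDigest.getInstance("SHA-1");',  # Java source
    "tls_signature_hash = SHA1",                               # config file
    "tls_signature_hash = SHA256",
    "ike_integrity = hmac-sha1-96",                            # IPSec config
]

if __name__ == "__main__":
    findings = find_sha1_references(SAMPLE_LINES)
    for number, category, text in findings:
        print(f"line {number:>3}  {category:<22} {text}")
    print(dict(summarize(findings)))
```

Certificate-signature hits are the items with hard external deadlines (the browser and operating-system cut-off dates listed above); source and configuration hits are where the compatibility breakage the text warns about will surface during testing. A hit such as `hmac-sha1-96` is not made forgeable by collision attacks, since HMAC does not depend on collision resistance, but it still belongs in the inventory so that nothing is overlooked when the migration is planned.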
Further Inquiry
If you would like to discuss this topic further, feel free to add a comment below or contact us by phone: 214-216-6000 or email: [email protected].
Authors and Contributors
Randy Lahti
Information Security Service
Security Architect, Partner
Gary Green
Information Security Service
Security Architect, Partner