Mozilla Could Start Rejecting SHA1 Certificates Sooner Than Planned

Following reports that the cost of breaking the SHA1 Internet security standard is lower than previously estimated, Mozilla is considering rejecting SHA1-based certificates half a year earlier than initially planned.

Researchers have been finding weaknesses in SHA1 since 2005 and the industry generally agrees that it’s time to move away from the outdated algorithm. Since migrating to a more secure alternative too quickly could break the Internet, major web browser vendors such as Microsoft, Google and Mozilla announced plans to kill SHA1 by January 1, 2017.

In a blog post published on Tuesday, Mozilla said it has already added a security warning to the Web console in Firefox 38 to remind developers that they should not use certificates with signature algorithms that rely on SHA1 or weaker hash functions.

Starting with Firefox 43, scheduled for release in December 2015, the web browser will display an “Untrusted Connection” error when an SHA1 certificate issued after January 1, 2016 is detected.

“This includes the web server certificate as well as any intermediate certificates that it chains up to. Root certificates are trusted by virtue of their inclusion in Firefox, so it does not matter how they are signed,” Richard Barnes, who leads Mozilla’s security engineering team, explained in a blog post. “However, it does matter what hash algorithm is used in the intermediate signatures, so the rules about phasing out SHA-1 certificates applies to both the web server certificate and the intermediate certificates that sign it.”

The current plan is to start rejecting all SHA1 SSL certificates on January 1, 2017. However, since researchers recently demonstrated that breaking the cryptographic hash function is far less costly than initially believed, Mozilla says it’s considering the feasibility of completely killing SHA1 as early as July 1, 2016.
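The acceptance rule described above can be written out as a small audit check. This is an added example, not Mozilla's code: the chain records are constructed, the `role` and `sig_hash` field names are hypothetical, and a certificate dated exactly January 1, 2016 is assumed to count as issued after the cutoff.

```python
from dataclasses import dataclass
from datetime import date

ISSUED_CUTOFF = date(2016, 1, 1)  # SHA1 certs issued from this date trigger the error
REJECT_ALL = date(2017, 1, 1)     # current plan; July 1, 2016 is under consideration

@dataclass
class Cert:
    subject: str
    role: str         # "leaf", "intermediate" or "root"
    sig_hash: str     # hash in the signature on this certificate
    not_before: date  # issuance date

def is_sha1(name):
    return name.lower().replace("-", "") == "sha1"

def rejected_certs(chain, today, reject_all=REJECT_ALL):
    """Return (subject, reason) for every certificate that trips the policy."""
    findings = []
    for cert in chain:
        if cert.role == "root" or not is_sha1(cert.sig_hash):
            continue  # roots are trusted by inclusion; non-SHA1 signatures are out of scope
        if today >= reject_all:
            findings.append((cert.subject, "SHA1 rejected outright"))
        elif cert.not_before >= ISSUED_CUTOFF:
            findings.append((cert.subject, "SHA1 issued after cutoff"))
    return findings

# Constructed chains (not real certificates).
ROOT = Cert("Example Root CA", "root", "sha1", date(2006, 5, 1))
NEW_CHAIN = [
    Cert("www.example.test", "leaf", "sha256", date(2016, 3, 1)),
    Cert("Example Issuing CA", "intermediate", "SHA-1", date(2016, 2, 10)),
    ROOT,
]
OLD_CHAIN = [
    Cert("legacy.example.test", "leaf", "sha1", date(2015, 6, 1)),
    Cert("Example Issuing CA G2", "intermediate", "sha256", date(2014, 1, 1)),
    ROOT,
]

if __name__ == "__main__":
    for day in (date(2016, 3, 15), date(2017, 1, 1)):
        print(day, rejected_certs(NEW_CHAIN, day), rejected_certs(OLD_CHAIN, day))
```

Passing `reject_all=date(2016, 7, 1)` shows which certificates in an inventory would be affected if the earlier date under consideration is adopted.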

In 2012, cryptography experts estimated that a practical collision attack against SHA1 would cost $700,000 by 2015 and roughly $173,000 by 2018. However, an attack method discovered by researchers from France, the Netherlands and Singapore, dubbed a “freestart collision,” which leverages the power of GPUs, lowers the cost of breaking SHA1 to $75,000 – $120,000 worth of computing power from Amazon’s EC2 cloud.

The OpenSSL bug dubbed “Heartbleed,” whose existence came to light in April 2014, resulted in roughly half a million certificates being potentially compromised. Since companies rushed to revoke and reissue many certificates, SHA2 overtook SHA1 by May 2015.

However, according to the latest SSL survey from Netcraft, there are still nearly one million SSL certificates signed with the SHA1 hashing algorithm.

“Despite being regarded as weak or insecure by one of the most commonly used browsers, over 120,000 of the SHA-1 certificates currently in use on the web were issued during 2015, and 3,900 of these have expiry dates beyond the start of 2017,” Netcraft’s Paul Mutton wrote in a blog post. “The owners of these certificates will undoubtedly need to replace them months — or in some cases, years — before they are due to expire.”

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
