Mozilla beheads SHA-1

You have been hearing about SHA-1 deprecation since 2012. Mozilla finally confirms this is not a joke.

Maybe you are tired of hearing over and over again about SHA-1 deprecation since 2012, when Bruce Schneier announced that collision attacks might cost around $700k to perform by 2015. That was the year in which the first practical full-on collision attack was carried out by researchers, who predicted that a costless real-world attack might occur in 2018.

Since then, Google, Microsoft and browser manufacturers have raced to migrate from SHA-1 to SHA-2. Last Tuesday, Mozilla set the pace for this rush by being the first to display the Untrusted Connection warning in its Firefox browser to users visiting a website whose SSL/TLS certificate is signed with SHA-1 instead of SHA-256.

Now you may think this paranoia makes no sense, as no real-world attacks exploiting this technique are known today. My answer is that a lack of paranoia is a synonym for unconsciousness: publicly, there are no known attacks, that is true, but under the hood, who knows? Also, history teaches us how MD5, which is more prone to collision attacks, was used in the same way in cyber espionage attacks against Iran through the famous Flame malware.

The SSL/TLS certificate installed for my website uses SHA-2, as this Python script shows:

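import os

# Placeholder: the host:port argument is missing from the original page; set it to your own site.
TARGET = 'example.com:443'
# Fetch the server certificate, dump it as text and keep only the signature algorithm lines.
os.system('openssl s_client -connect ' + TARGET + ' < /dev/null 2>/dev/null\
          | openssl x509 -text -in /dev/stdin | grep "Signature Algorithm"')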


Signature Algorithm: sha256WithRSAEncryption
Signature Algorithm: sha256WithRSAEncryption
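The output shows two lines because an X.509 certificate names its signature algorithm twice: once inside the signed tbsCertificate and once next to the signature value. The following added example (not code from the original post) reads both fields straight from the DER encoding and flags SHA-1 or MD5 signatures; the helper names and the sample certificate skeletons are constructed for illustration.

```python
# Added example, stdlib only: sample certificates are constructed skeletons, not real ones.
SHA1_RSA = bytes.fromhex("2a864886f70d010105")    # OID 1.2.840.113549.1.1.5
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # OID 1.2.840.113549.1.1.11
NAMES = {"1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
         "1.2.840.113549.1.1.11": "sha256WithRSAEncryption"}
WEAK = {"1.2.840.113549.1.1.4", "1.2.840.113549.1.1.5", "1.2.840.10045.4.1"}

def tlv(buf, pos):
    """Read the DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def oid_at(buf, pos):
    """Decode the OID that opens the AlgorithmIdentifier SEQUENCE at pos."""
    _, seq_start, _ = tlv(buf, pos)
    _, start, end = tlv(buf, seq_start)
    arcs, val = [buf[start] // 40, buf[start] % 40], 0
    for b in buf[start + 1:end]:
        val = (val << 7) | (b & 0x7F)       # base-128, high bit means more bytes follow
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signature_algorithms(cert):
    """Return (tbsCertificate.signature, Certificate.signatureAlgorithm) OIDs."""
    _, cert_start, _ = tlv(cert, 0)
    _, tbs_start, tbs_end = tlv(cert, cert_start)
    tag, _, end = tlv(cert, tbs_start)
    if tag == 0xA0:                         # optional [0] version precedes serialNumber
        _, _, end = tlv(cert, end)
    return oid_at(cert, end), oid_at(cert, tbs_end)

def verdict(cert):
    inner, outer = signature_algorithms(cert)
    if inner != outer:
        return "mismatch"                   # RFC 5280 requires both fields to agree
    return ("weak: " if outer in WEAK else "ok: ") + NAMES.get(outer, outer)

def skeleton(inner, outer):
    """Constructed sample: X.509 field layout, dummy contents, short-form lengths."""
    der = lambda tag, *parts: bytes([tag, sum(map(len, parts))]) + b"".join(parts)
    alg = lambda o: der(0x30, der(0x06, o), der(0x05))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"), alg(inner))
    return der(0x30, tbs, alg(outer), der(0x03, b"\x00" * 9))
```

For a live server, `ssl.get_server_certificate()` followed by `ssl.PEM_cert_to_DER_cert()` yields DER bytes that `verdict()` accepts.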

I just wonder how much this migration will cost since, in real life, SHA-1 underpins around 35% of the digital certificates existing today, not to mention the nightmares engineers are enduring with their unsupported applications or the hardware reconfigurations they have to perform.