Phasing out SHA-1

Hash algorithms such as MD5 and SHA-1 are important mathematical functions used widely in software, particularly in secure protocols such as SSL/TLS and SSH.

These functions take a block of data, known as the message, and produce a much smaller fixed-size value, known as the message digest or simply the digest. The same message always results in the same digest. The key property of a hash algorithm is that if the contents of a message have been altered, even slightly, the digest is also different. It is also extremely difficult to find a message that will produce a given digest, which is why they are known as one-way functions.

Hash algorithms are used for many purposes, such as verifying the integrity of data or files, password verification, and building other cryptographic functions such as message authentication codes (MACs) and digital signatures.

In SSL/TLS, hash algorithms are used as a step in the creation of the digital signatures on certificates, and in SSH they are used in MACs.

For the last 20 years, the cryptographic hash algorithm known as SHA-1 has been widely used, together with MD5. In particular, SHA-1 has been used in the X.509 certificates that underpin the identity of websites on the Internet. Certificate authorities issue certificates for particular websites, and browsers are configured to trust the certificates issued by the main certificate authorities. So when you connect to Amazon to make a purchase, you know that you are actually connecting to the legitimate Amazon website, because it presents your browser with a certificate that your browser trusts and that guarantees its identity.

SHA-1 is now getting too old (MD5 already is), and successful attacks on it are becoming more likely. Accordingly, it is being phased out by browser providers and certificate authorities by January 1, 2017. Some certificate authorities will no longer issue SHA-1 certificates as of 2015. The replacement hash algorithms are known collectively as SHA-2, and comprise a group of more secure hash algorithms such as SHA-256 and SHA-512.

This means a minor change in CompleteFTP as of version 8.1.6, which has just been released: the self-signed certificates that are generated by default on install now use SHA-256.
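The field the phase-out is about is the certificate's signatureAlgorithm. As an added example (not part of the original post and not CompleteFTP code), here is a standard-library-only Python check that reads that algorithm straight from a DER certificate and flags MD5 and SHA-1; the two DER blobs at the bottom are constructed, certificate-shaped stand-ins, not real certificates.

```python
import ssl

# signatureAlgorithm OIDs seen in X.509 certificates -> (name, still acceptable?)
SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", False),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", False),
    "1.2.840.10045.4.1": ("ecdsa-with-SHA1", False),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", True),
    "1.2.840.113549.1.1.13": ("sha512WithRSAEncryption", True),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", True),
}

def read_tlv(data, pos):
    """Decode one DER tag-length-value at pos -> (tag, value, position after it)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits give the length's byte count
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def decode_oid(raw):
    """DER OBJECT IDENTIFIER content bytes -> dotted-decimal string."""
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:                  # base-128 arcs; high bit set on all but the last byte
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def signature_algorithm(der_cert):
    """Return (dotted OID, name, acceptable) for a DER certificate's outer signatureAlgorithm.
    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }"""
    tag, cert, _ = read_tlv(der_cert, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = read_tlv(cert, 0)              # skip tbsCertificate
    _, alg_id, _ = read_tlv(cert, pos)         # AlgorithmIdentifier SEQUENCE
    tag, oid, _ = read_tlv(alg_id, 0)          # its first element is the OID
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    dotted = decode_oid(oid)
    name, ok = SIGNATURE_OIDS.get(dotted, ("unknown", False))  # unknown: do not accept
    return dotted, name, ok

def signature_algorithm_pem(pem_cert):
    """Same check for a PEM certificate, e.g. the output of ssl.get_server_certificate()."""
    return signature_algorithm(ssl.PEM_cert_to_DER_cert(pem_cert))

# Constructed, certificate-shaped DER stand-ins (NOT real certificates): dummy
# tbsCertificate, the AlgorithmIdentifier under test (OID + NULL), 4-byte BIT STRING.
SHA1_CERT = bytes.fromhex("301b" "3003020102" "300d" "06092a864886f70d010105" "0500" "030500deadbeef")
SHA256_CERT = bytes.fromhex("301b" "3003020102" "300d" "06092a864886f70d01010b" "0500" "030500deadbeef")
```

Feeding a real certificate works the same way, since the long-form length handling in `read_tlv` covers the sizes real certificates have.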

CompleteFTP already supports SHA-256 and SHA-512 HMACs for SSH/SFTP as of 8.1.3, so where possible these HMACs should be used and SHA-1 and MD5 disabled. As some SFTP clients do not yet support SHA-256 and SHA-512, client support should be checked before disabling the older algorithms.