This summer will see the beginning of the end for some of the most obsolete cryptographic algorithms on the in...
Google will drop support for SSLv3 and RC4 for email after June 16, 2016; with the upcoming Windows 10 Anniversary Update, Microsoft will no longer consider any websites signed with a SHA-1 certificate to be secure. Google Chrome already displays an error when it encounters a website signed with a SHA-1 certificate.
It's been more than 11 years since researchers first showed the secure hash algorithm SHA-1 was vulnerable to practical brute force attacks, 16 years since the SSLv3 protocol was replaced by the TLS protocol and 28 years since the stream cipher RC4 was developed. And although the Internet Engineering Task Force went so far as to specifically prohibit support of SSLv3 in 2015, SSLv3 and other older cryptographic algorithms and protocols still linger online because they were built into countless applications instead of being implemented in more easily managed and updated libraries.
"They don't actually break anything -- they're just not secure," said security expert Bruce Schneier, adding that the old protocols are still usable. "[S]ecurity is a weird property because as far as you're concerned they work just the same as they did last month. It's not like they don't work anymore."
Deprecation road maps, and how to ease the journey
Last year, Google cited the many known problems with SSLv3 as reason to drop support for it, noting also that "RC4 is a 28-year-old cipher that has done remarkably well but is now the subject of multiple attacks at security conferences. The IETF has decided that RC4 also warrants a statement that it too must no longer be used."
Microsoft's Edge Team in April blogged about its accelerated schedule for SHA-1 deprecation: "Starting with the Windows 10 Anniversary Update, Microsoft Edge and Internet Explorer will no longer consider websites protected with a SHA-1 certificate as secure and will remove the address bar lock icon for these sites," Microsoft wrote. "These sites will continue to work, but will not be considered secure. This change will be in upcoming Windows Insider Preview builds soon, and will be deployed broadly this summer. In February 2017, both Microsoft Edge and Internet Explorer will block SHA-1 signed TLS certificates."
What's the problem?
Schneier, now CTO at Resilient Systems (an IBM company), said that problems arise when updating cryptographic algorithms like SHA-1, RC4 and SSLv3 because of a desire to maintain backward compatibility.
"Your door lock is crappy," Schneier said. "Well, we can't replace it with a new door lock because of the old key, so we're going to add a new door lock, and you can use either one. Have we made anything different? No. It's just as insecure. So, the backward compatibility is important."
"If you have backward compatibility, you get no benefits from upgrading. It's even worse. Take the door lock example: Either the new good lock will unlock the door or the old, bad, lock. All the criminals are going to use the old, bad lock."
"You don't want to be backward compatible," Schneier said, even though "we like backward compatibility. That's one of the things that makes upgrading hard."
The other issue, Schneier said, is the same as the Y2K problem: "The date was hard coded everywhere, and it was a real pain to pull it out. Encryption is the same way: A couple of decades ago, a lot of programmers who weren't cryptographers thought ... just write it in, just code it in. And that made it really hard to update. Microsoft had this problem with MD4, they had it stuck in thousands of places, and they had to manually deal with every last one. And that was hard."
The good news is the migration off of these outdated cryptographic algorithms won't necessarily be a painful process for everyone. "Most users running current browsers on current operating systems and connecting to properly configured and up-to-date server[s] won't even notice that any change has occurred," said Joe St Sauver, security scientist at Farsight Security Inc., in San Mateo, Calif.
However, St Sauver said, users on older software could face major challenges. "If you're running Windows XP, life may not be pleasant," he said. "Administrators who haven't been keeping their cryptographic libraries up to date will be the group that will likely howl the loudest -- and need to do the most work -- to bring their systems current. Sadly, some people have just totally ignored the issue for years and years now. The last holdouts will only update when stuff breaks."
Learn more about the importance of the upcoming transition to SHA-2.