Continued progress in the cryptanalysis of the SHA-1 hash function has significantly decreased the cost of successful attacks on SHA-1 signatures, and they will become insecure earlier than expected. Details about the freestart collision attack, a.k.a. SHAppening, can be found in [1]. The research group estimates that criminal syndicates are now (Fall 2015) able to generate SHA-1 collisions.
There is a serious risk that attackers may use SHA-1 collision attacks to forge existing certificates in the near future. This can be prevented by updating clients and servers to stop accepting SHA-1 certificates. Browser vendors like Microsoft, Google and Mozilla have announced that their respective browsers will stop accepting SHA-1 SSL certificates by 2017.
We recommend identifying any SHA-1 certificates and replacing them with SHA-256 certificates as soon as possible. For server certificates on Airlock WAF, the signature algorithm is visible at "Application Firewall" - "Certificates" - "Certificate content".
If you are using client certificate authentication with Airlock WAF and you no longer need support for SHA-1 client certificates (i.e. all your client certificates are based on RSA/SHA-256 signatures), you can add the following Apache Expert setting on the corresponding virtual host or mapping to stop accepting certificates with signature schemes other than RSA/SHA-256:
SSLRequire %{SSL_CLIENT_A_SIG} == "sha256WithRSAEncryption"