Cryptographic hash algorithms become outdated over time, both as the computing power available for brute-force attacks increases and as weaknesses are found in the algorithm or its implementation. As Google observes, SHA-1 has had known weaknesses for at least 9 years, which Bruce Schneier described in a blog post.
Given the increasing ease with which these attacks can be carried out, various institutions, including the US National Institute of Standards and Technology, have already recommended against using SHA-1. Google’s Chrome web browser will now join these organizations by changing how it displays sites that use HTTPS certificates with SHA-1 signatures.
To avoid disrupting users who rely on SHA-1 support, Chrome will phase in the changes in stages, first alerting users to SHA-1’s forthcoming expiration and culminating in a red “X” icon in the URL address bar. While users can still navigate to sites using SHA-1, Chrome will visually indicate that they are less safe than sites that have moved from SHA-1 to something more secure.
Google has outlined the following schedule based on Chrome’s branch points:
- Chrome 39 (Branch point 26 September 2014): Sites with end-entity (“leaf”) certificates that expire on or after 1 January 2017, and which include a SHA-1-based signature as part of the certificate chain, will be treated as “secure, but with minor errors”.
- Chrome 40 (Branch point 7 November 2014; Stable after holiday season): Sites with end-entity certificates that expire between 1 June 2016 to 31 December 2016 (inclusive), and which include a SHA-1-based signature as part of the certificate chain, will be treated as “secure, but with minor errors”. Sites with end-entity certificates that expire on or after 1 January 2017, and which include a SHA-1-based signature as part of the certificate chain, will be treated as “neutral, lacking security”.
- Chrome 41 (Branch point in Q1 2015): Sites with end-entity certificates that expire between 1 January 2016 and 31 December 2016 (inclusive), and which include a SHA-1-based signature as part of the certificate chain, will be treated as “secure, but with minor errors”. Sites with end-entity certificates that expire on or after 1 January 2017, and which include a SHA-1-based signature as part of the certificate chain, will be treated as “affirmatively insecure”. Subresources from such domains will be treated as “active mixed content”.
Note that the actual release dates of the Chrome versions listed above tend to follow the branch point by 6-8 weeks, so Chrome 39 should be expected in November, Chrome 40 in January 2015, and Chrome 41 in Q1 2015.
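Site operators who want to know which of the three treatments their own certificate chain would receive can encode the schedule above as a small check. The following Python is an added example written for this article, not Google's or Chromium's code; it takes the signature algorithm of each served certificate (leaf first, in the names OpenSSL prints, such as `sha1WithRSAEncryption`) together with the leaf's expiry date and returns the treatment for Chrome 39, 40 and 41. Two points are assumptions rather than statements from the post: versions after 41 are treated under the Chrome 41 rules, and because the post only says "as part of the certificate chain", every signature the caller passes is counted, so the caller decides whether to include a self-signed trust anchor. The sample chain is constructed for illustration.

```python
import re
from datetime import date

# Constructed sample chain (leaf first) with OpenSSL-style signature algorithm
# names; illustrative data only, not any real site's certificates.
SAMPLE_CHAIN = [
    {"subject": "CN=www.example.test", "sig_alg": "sha256WithRSAEncryption"},
    {"subject": "CN=Example Intermediate CA", "sig_alg": "sha1WithRSAEncryption"},
]
SAMPLE_LEAF_NOT_AFTER = date(2017, 3, 1)  # constructed leaf expiry

# Matches sha1 / SHA-1 / ecdsa-with-SHA1 but not sha256, sha384, sha512.
_SHA1_RE = re.compile(r"sha-?1(?!\d)", re.IGNORECASE)


def is_sha1_signature(sig_alg: str) -> bool:
    """True when the signature algorithm name names SHA-1 as its digest."""
    return bool(_SHA1_RE.search(sig_alg))


def sha1_signed_subjects(chain):
    """Subjects of every certificate in the served chain whose own signature
    uses SHA-1. Assumption: every certificate passed in is counted, including a
    self-signed root if the caller chooses to include one."""
    return [c["subject"] for c in chain if is_sha1_signature(c["sig_alg"])]


def chrome_sha1_treatment(chrome_version: int, chain, leaf_not_after: date) -> str:
    """Map a site to the UI treatment from the schedule for the given Chrome
    major version. Assumption: versions above 41 keep the Chrome 41 rules."""
    if not sha1_signed_subjects(chain):
        return "secure"  # no SHA-1 anywhere in the chain: unaffected
    if chrome_version < 39:
        return "secure"  # schedule starts with Chrome 39
    jan_2016 = date(2016, 1, 1)
    jun_2016 = date(2016, 6, 1)
    jan_2017 = date(2017, 1, 1)
    if chrome_version == 39:
        # Only leaves expiring on or after 1 January 2017 are flagged.
        return "secure, but with minor errors" if leaf_not_after >= jan_2017 else "secure"
    if chrome_version == 40:
        if leaf_not_after >= jan_2017:
            return "neutral, lacking security"
        if leaf_not_after >= jun_2016:  # 1 June 2016 .. 31 December 2016 inclusive
            return "secure, but with minor errors"
        return "secure"
    # Chrome 41 and (assumed) later
    if leaf_not_after >= jan_2017:
        return "affirmatively insecure"
    if leaf_not_after >= jan_2016:  # 1 January 2016 .. 31 December 2016 inclusive
        return "secure, but with minor errors"
    return "secure"


def report(chain, leaf_not_after: date) -> dict:
    """Treatment per Chrome version plus the chain members that need re-issuing
    with a stronger signature to clear the warning."""
    return {
        "sha1_signed": sha1_signed_subjects(chain),
        "treatment": {
            v: chrome_sha1_treatment(v, chain, leaf_not_after) for v in (39, 40, 41)
        },
    }


if __name__ == "__main__":
    result = report(SAMPLE_CHAIN, SAMPLE_LEAF_NOT_AFTER)
    print("SHA-1 signed certificates:", result["sha1_signed"])
    for version, treatment in result["treatment"].items():
        print(f"Chrome {version}: {treatment}")
```

Run against the sample chain, the report shows that the leaf itself is fine but the intermediate is SHA-1 signed, which is the common case operators miss: replacing only the leaf does not help, the issuing CA has to supply a SHA-256 intermediate as well. The expiry thresholds are the dates the schedule gives, so a leaf expiring before 1 January 2016 is never flagged by any of the three releases, even with SHA-1 in the chain.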