Google has announced that its Chrome browser will stop supporting SHA-1 certificates by 2017. For a long time, Google has not had confidence in the ability of SHA-1, the algorithm used for encryption by most SSL certificates (which add the “s” to https://), to keep your information safe.
Prof. Michael Scott, Chief Cryptographer and Co-Founder of MIRACL, explains:
“SHA-1 has been holed beneath the water-line for years, and has been slowly sinking ever since.
However the security industry has displayed its astonishing capacity for lethargy by essentially doing nothing about it. The only way to get these people to act is to provoke a crisis, which is what Google has done. So now we get a headless chicken response. A kind of combination of an “if it ain’t broke don’t fix it” attitude combined with ostrich-like head-in-the-sand. And to complete the bird analogies, yes, SHA-1 is indeed a turkey.
Given the importance of internet security, the immaturity and timidity of the security industry never ceases to amaze me.
Users of SHA-1 should have migrated years ago to the long established SHA-2 standards. These are fine, and have no known weaknesses. However the cryptographic community, who are no slouches, have already come up with and standardized a more flexible and modern replacement for SHA-2, unsurprisingly called SHA-3.
But if companies haven’t already switched from SHA-1 to SHA-2, what are the chances of them ever adopting SHA-3? If the automobile industry adopted the same approach we would still all be driving Volkswagen Beetles. Don’t get me started!”
About Michael Scott
Dr. Scott joined CertiVox as Chief Cryptographer in November 2011 after the company he founded in 1998, Shamus Software Limited, was acquired by CertiVox. As the creator of the renowned MIRACL (Multiprecision Integer and Rational Arithmetic C/C++ Library) cryptographic library, Dr. Scott’s technology is used by developers in the defense, embedded and mobile systems industries across the world to build highly secure “number-theoretic cryptography” into their hardware and applications. He also serves as the director of CertiVox Laboratories, a Dublin-based center of excellence whose mission will be to promote innovation in the field of elliptic curve and pairing-based cryptography, assist customers in their designs, and further enhance CertiVox’s leading edge in Internet security. In addition to serving as CEO of Shamus Software, Dr. Scott was Head of the Dublin City University School of Computing. He is recognized in the world of cryptography as a leading authority on the subject of elliptic curve and pairing-based cryptography, and in 2002, published one of the seminal papers on the implementation of pairings, Efficient Algorithms for Pairing-Based Cryptosystems.
Dr. Scott earned a Bachelor of Science in Electrical Engineering from Queen’s University Belfast and also completed a one-year Master’s degree at Trinity College before gaining a Ph.D. on the topic of Optimal Control Theory from the University of Dundee, Scotland. He has a Google Scholar based H-Index of 24 and has published more than 75 papers in the field.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.