SHA-1 VS SHA-2

 Estamos vendo uma transição do SHA-1 para SHA-2. Saiba por que isso é tão importante.

O texto abaixo é o whitepaper original publicado pelo Conselho de Segurança da CA – CASC). O Conselho de Segurança da CA – CASC, é composto pelas autoridades certificadoras líderes mundiais comprometidas com a exploração e promoção das melhores práticas da implantação e uso do SSL confiável bem como a segurança da internet em geral.

Embora não seja uma organização que defini padrões o CASC trabalha em colaboração para melhorar as políticas de infraestrutura internet.

Para participar do conselho, os membros são obrigados a cumprir os padrões da indústria, tais como os requisitos do  CA / Browser Forum e Diretrizes de Segurança de Rede e são submetidos a uma extensa auditoria anual.

Leia o documento original:

We’re seeing a transition from SHA-1 to #SHA-2. Learn why this is so important in the CASC whitepaper

Overview

Most of the documentation out there on the transition from SHA-1 certificates to SHA-2 certificates will tell you three things:

– Breaking SHA-1 is not yet practical but will be in a matter of years.

– It is important to start transitioning to SHA-2 as soon as possible.

– Much of your legacy software and infrastructure may not support SHA-2 yet.

This paper will provide you information to help you make informed decisions about how to analyze your systems and transition from SHA-1 to SHA-2 in an orderly way. Rather than waiting a few years when SHA-1 collisions start being actively exploited to compromise systems, Trustwave strongly recommends you begin your SHA-1 transition planning immediately.

The first section provides some technical background to help you understand how and when SHA-1 based systems are likely to be attacked. The second section describes the various places certificates are used, and what is going on in the industry. The last section contains real-world considerations that may need to be taken into account as part of planning a transition to SHA-2.

The Problem with SHA-1 – Cryptographic Hash Functions

SHA-1 is a cryptographic hash function used in a variety of places in modern cryptosystems (including SSL/TLS), having replaced MD5 as the secure hash function of choice when a number of security flaws were discovered in MD5. However SHA-1 is now starting to show its age, and is being replaced by the SHA-2 family of hash functions. High and medium security environments have already abandoned SHA-1, for example, NIST has banned the use of SHA-1 effective December 31, 2013.

Unlike SHA-1, which is a 160-bit hash function, there are six SHA-2 hash functions, with a variety internal block sizes and output sizes. The most commonly used SHA-2 hash functions are SHA-256 and SHA-512, with the other four being based on the same functions with different initial values and truncated outputs. In most environments, SHA-256 provides sufficient security and is the SHA-2 hash function that Trustwave recommends transitioning to.

Digital signatures use asymmetric cryptographic operations to provide proof that a message was signed by someone in possession of the corresponding private key. However, asymmetric cryptographic operations are computationally expensive, both in terms of the key size and the length of the input. Because of this, digital signatures, including the signatures used in digital certificates, sign a hash of the message instead of the message itself. As long as the hash function is a “secure” hash function, this is sufficient: it is computationally impractical for the attacker to create another message that has the same hash; therefore he is unable to take the signature and attach it to a new message of his choice.

Breaking this property requires finding two messages that share the same hash. This can be done by repeatedly altering a non-critical field in each message until a message from the first set of messages has the same hash as a message from the second set of messages. Because of the birthday paradox, this happens when the number of messages is approximately the square root of the total number of possible hashes. Therefore, when considering collision resistance, a hash function has an equivalent strength of at most half the number of bits in the hash, and possibly fewer.

Since SHA-1 produces a 160 bit hash, the strength is at most 80 bits. The best current cryptanalysis of SHA-1 uses clever math tricks to reduce that to about 60 bits of effective strength, and future cryptographic advances will continue to reduce the strength even further. Algorithm   Approximate Strength

MD5                                                                  <40

SHA-1                                                               ~60

SHA-256                                                           128

SHA-512                                                           256

Regina Tupinambá – Fundadora do Portal CryptoID

Conheça a campanha #protegebrasil e participe. É sua oportunidade de comprar o certificado para servidor  SSL  SHA2 EV com o  melhor custo benefício do mercado brasileiro, diz Regina Tupinambá, fundadora e diretora de Conteúdo do Portal CryptoID.

Quer entender mesmo SHA-1 vs SHA-2 ?

Então receba informações sobre  ID PLUS Training. Estamos preparando o melhor  e mais completo programa de treinamentos sobre certificação digital da atualidade no Brasil. Cadastre-se para receber informações.

Inscreva-se para receber informações dos Treinamentos sobre Criptografia e Identificação Digital –  ID Plus Training. Compartilhe com seus amigos e com a área de treinamentos da sua empresa! Também ministramos treinamentos customizados “in company” em todo o Brasil.