Shostack + Friends Blog


Cryptographic Excitement

A couple big stories in the realm of cryptography that got me excited.

In the last few days, we've seen two big stories in the realm of cryptography. The first is that SHA-1 breaks are now practical, and those practical breaks impact things like PGP and git.

If you have code that depends on SHA-1, it's time to fix that. If you have a protocol that uses SHA-1, you need to rapidly version cycle.

Thinking a bit more strategically, SHA-1 was designed by the NSA, and published in 1993. It stood for roughly 25-30 years, which is impressive for a cryptographic algorithm, and reminds us that the NSA is very good at algorithm design. It's a shame that they lost sight of their defensive mission for many years.

The second is that Windows doesn't properly validate cryptographic certificates. Surprisingly, this was reported to Microsoft by the NSA, who decided to take credit for it. Bruce Schneier reports some interesting details, including that the Agency's cybersecurity director did a press briefing(!), and this is not the first vuln reported by NSA to Microsoft. It's not that surprising to me that this was reported to Microsoft — the weaponization potential is massive, and proof of concepts exist. Breaking certificate authentication means you can use any update channel as a distribution point. To me, breaking updates, breaking people's trust in updates and updatability is close to bombing hospitals. It's simply outside what any civilized participant will do. The collateral damage is too high. In theory, the US Government runs a "vulnerabilities equities process" to balance interests, and there's a solid explanation of that process here.

To go back to the SHA-1 story, NSA has been suffering from a lack of public trust as a result of putting back doors into things like EC_DRBG. As a result, we can no longer trust their input to standards processes, and one, two, or two hundred vulnerability reports, while appreciated and appropriate, are not going to fix that.