[Cryptography] Collisions w/SHA-1 ~$100,000 TODAY

[Henry Baker]

FYI -- Oh, SHA-1t !!  Cyber Perl Harbor, here we come!

U.S. military cyber security fails to make the grade

http://news.netcraft.com/archives/2015/10/26/u-s-military-cyber-security-fails-to-make-the-grade.html

The United States Department of Defense is still issuing SHA-1 signed certificates for use by military agencies, despite this practice being banned by NIST for security reasons nearly two years ago.  These certificates are used to protect sensitive communication across the public internet, keeping the transmitted information secret from eavesdroppers and impersonators.  The security level provided by these DoD certificates is now below the standard Google considers acceptable for consumer use on the web.

The Missile Defense Agency, the eventual successor to the "Star Wars" programme, uses one of these SHA-1 certificates on a Juniper Networks remote access device.  The SHA-1 certificate was issued by the Department of Defense in February 2015, long after NIST declared this practice to be unacceptable.

The majority of SHA-1 signed SSL certificates issued for use on publicly-accessible websites within the past few months, and that are valid beyond the start of 2017, were issued to hostnames under the .mil sponsored top-level domain.  This sTLD is used by agencies, services and divisions of the United States Department of Defense.

Many other SHA-1 certificates used by .mil websites are valid beyond the start of 2017, which means that Google Chrome already regards them as affirmatively insecure, crossing out the padlock icon.

DoD PKI infrastructure

The Department of Defence PKI infrastructure relies on two root certificate authorities (DoD Root CA 2 and DoD Root CA 3), but ***these are not included in all browsers by default.***

...

Although the DoD PKI infrastructure is not trusted by all browsers, it is nonetheless surprising to see it flouting some of the well-founded rules and recommendations that apply to publicly trusted certificates as well as recommendations made by NIST.  Many of these guidelines are backed by valid security concerns – in particular, using SHA-1 for signature generation is now considered ill-advised, as any well-funded attacker can plausibly compromise the affected certificates.

The risk to the Department of Defense is further heightened by enemy goverments being the most likely sources of attack.  The projected cost of attacking SHA-1 is unlikely to be prohibitive, and some governments may already be in a position to find a hash collision faster than the most organised criminals.