Migrating from SHA-1 to SHA-2

Here's a comprehensive document on migrating from SHA-1 to SHA-2 in Active Directory certificates.

Posted on June 29, 2015 at 6:05 AM • 7 Comments

Comments

Nathan Buuck • June 29, 2015 6:53 AM

I included a reference to another article from a member of Microsoft's Directory Services team in a recent presentation I gave on hardening Active Directory environments. It's a shorter article but has some good guidance on considerations administrators should make before jumping into the process of reconfiguring their internal PKI for SHA-2. I do like the included justification ("Why You Need SHA-2") in the article you linked to, however, as I get a strong sense from customers that there's not much interest in migrating their internal PKI to signing with SHA-2 as of today.

Something that I emphasized in my presentation was that internal PKI based on Windows Server is not a fire-and-forget solution. Even with Windows Update, adapting to changes in cryptography requires recurring and consistent administrator intervention. We saw this past week that Microsoft pushed a significant set of new third-party CA certificates to customers through Windows Update. Administrators should be reviewing these changes to their PKI and reconfiguring as appropriate for their organization's trust model (for example, un-trusting new CA certificates from CAs that have a history of issuing certificates to unverified parties).

Clive Robinson • June 29, 2015 7:08 AM

@ Nathan Buuck,

> We saw this past week that Microsoft pushed a significant set of new third-party CA certificates to customers through Windows Update. Administrators should be reviewing these changes to their PKI and reconfiguring as appropriate for their organization's trust model.

This has caused more than a few questions to be raised, and so far --as far as I'm aware-- MS has failed to provide sufficient reason not to send them direct to the bit bucket.

I got fed up with MS's "paternalistic patch attitude" years ago, the trouble is their choice of method is about the most difficult I've seen to "break out" what your site may require from the rest of the crap... As no doubt others will have horror stories of, this has meant that patching "business critical" systems has had days or weeks delay whilst the patch gets tested and approved or not. In the meantime, "kiddies will play".

Curious • June 29, 2015 7:35 AM

I remember learning on YouTube that quantum computing will/might be the end to relying on the hardness of the discrete logarithm problem for security; I wonder, would the introduction of quantum computing be the demise of hash algorithms in general if the issue of hypothetical hash collisions allows for the use of forged digital certificates?

I guess an answer might be that crypto solutions simply scale up periodically to match some desirable hardness level. Would perhaps be interesting if it didn't work this way, with the prospect of "practical" use of quantum computing.

Me • June 29, 2015 9:40 AM

@Curious

Yes, the promise of QC is that of non-determinism. That is, we will be able to solve NP-hard problems in P-time, that is cracking a password (brute force) will be about as hard as testing a given password, instead of exponentially harder.

So far, the QCs they have seem too small scale to worry about (less than a dozen qubits), but if they scale up (to even 256), and if efficient algorithms can be developed, we could be in for a world of crypto-hurt.

qb • June 30, 2015 2:03 AM

@Me

> That is, we will be able to solve NP-hard problems in P-time

That's not true. At least, most complexity theorists believe it's not. Don't believe everything "journalists" spew. See e.g. https://en.wikipedia.org/wiki/BQP . We may be able to do away with currently dominant flavors of asymmetric crypto (cf. Shor's Algorithm), but there are schemes not amenable to quantum computers, even if those can be built and scaled (e.g. lattice-based crypto).

k14 • June 30, 2015 3:23 PM

If I am Joe Sixpack Webmaster, and I have five plain old http webpages on a shared webserver, what steps would I need to take to deliver them instead via https?

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.