May 16th, 2008 by Adam
So it turns out that SHA-1 might be broken. If not broken outright, it is certainly bruised: published collision attacks cost well below the 2^80 work a 160-bit hash ought to demand, and its ability to be relied upon is in significant doubt. But why should that matter? We can just use SHA-256 or SHA-512 for more security, can’t we? Well yes we can… but does that actually help the wider issue?
Think about this in another way: if you receive a signed email from a contact of yours and it verifies correctly, do you check what digest and signature algorithm were used on the email? I’d suggest that unless you’ve fitted yourself for a tinfoil hat, you’re unlikely to do this. Seeing as the signature process is employed to provide verification, we need a method that can be used in a widespread manner and that we can rely upon. Is it time to revoke SHA-1 and DSA signatures? Should encryption and signing packages refuse to verify messages and files signed using these methods? Perhaps. However, it’s extremely unlikely that this would be implemented: MD5 was broken some time ago and yet it is still used for verification of file downloads etc. in a fairly widespread manner. So what should we do to protect ourselves from potentially forged digital signatures?
In my opinion, it requires a bit of common sense. The chances are that if you receive a signed email from a friend asking what you have planned for the weekend, for example, it’s fantastically unlikely that this kind of signature would be forged and therefore the use of SHA-1 is really not going to compromise anything. It is worth being precise about what the known attacks buy an adversary: a collision attack lets someone who prepares both documents obtain one signature that verifies over either of them; it does not let an outsider conjure a valid signature for a message you already hold, which would need a second-preimage attack that nobody has published. The realistic risk is therefore a counterparty (or someone who can get a document in front of them to sign) who has a harmless and a harmful version ready in advance. So if you are communicating with contacts regarding a multi-million pound (or multi-million dollar, multi-million Euro… I think you see what I mean) contract, perhaps it would be far better to use a more reliable signature algorithm. SHA-512 would be preferable, and there would be no issue requesting that contacts use this to sign their communications. DSA belongs in the same bucket because a classic 1024-bit DSA key has a 160-bit q and is therefore used with a 160-bit digest, which in practice means SHA-1. If you receive an email requesting millions of <insert currency here> that is signed using SHA-1 or DSA, perhaps you could request that they confirm and sign the message using a more secure method.
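The check described above, that is actually looking at which digest and public-key algorithm a signature used before trusting it, is easy to automate. The following is an added example, not code from the original post or from any OpenPGP implementation: it parses only the fixed-layout prefix of a v3 or v4 OpenPGP signature packet (RFC 4880 §5.2) to report the algorithms, then applies a policy of the kind the post suggests (reject MD5, ask for a re-sign on SHA-1 or DSA, accept SHA-2 family). The three sample packets, the policy tables and the helper names are constructed for the example; the packets carry placeholder MPIs and are not verifiable signatures.

```python
"""Report and police the algorithms used in an OpenPGP signature packet.

Added example: parses the fixed prefix of a v3/v4 signature packet
(RFC 4880 section 5.2) to see HOW a signature was made. It does not
verify the signature itself. Policy tables and sample packets are
constructed for illustration.
"""
import struct

# RFC 4880 section 9.4 (hash) and section 9.1 (public key) algorithm IDs
HASH_ALGS = {1: "MD5", 2: "SHA-1", 3: "RIPEMD-160", 8: "SHA-256",
             9: "SHA-384", 10: "SHA-512", 11: "SHA-224"}
PUBKEY_ALGS = {1: "RSA", 2: "RSA-encrypt-only", 3: "RSA-sign-only",
               16: "ElGamal", 17: "DSA"}

# Example policy (an assumption of this example, not the post's): MD5 is
# refused outright; SHA-1, RIPEMD-160 and DSA trigger a re-sign request.
REJECTED_HASHES = {"MD5"}
WEAK_HASHES = {"SHA-1", "RIPEMD-160"}
WEAK_PUBKEY = {"DSA"}


def _packet_body(data):
    """Strip the OpenPGP packet header (old or new format); return (tag, body)."""
    ptag = data[0]
    if not ptag & 0x80:
        raise ValueError("not an OpenPGP packet")
    if ptag & 0x40:                      # new-format header, RFC 4880 4.2.2
        tag, b0 = ptag & 0x3F, data[1]
        if b0 < 192:
            length, off = b0, 2
        elif b0 < 224:
            length, off = ((b0 - 192) << 8) + data[2] + 192, 3
        elif b0 == 255:
            length, off = struct.unpack(">I", data[2:6])[0], 6
        else:
            raise ValueError("partial-body lengths not supported")
    else:                                # old-format header, RFC 4880 4.2.1
        tag, ltype = (ptag >> 2) & 0x0F, ptag & 0x03
        if ltype == 0:
            length, off = data[1], 2
        elif ltype == 1:
            length, off = struct.unpack(">H", data[1:3])[0], 3
        elif ltype == 2:
            length, off = struct.unpack(">I", data[1:5])[0], 5
        else:
            raise ValueError("indeterminate length not supported")
    body = data[off:off + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body


def signature_algorithms(packet):
    """Return version, signature type, public-key and hash algorithm names."""
    tag, body = _packet_body(packet)
    if tag != 2:
        raise ValueError("packet tag %d is not a signature" % tag)
    version = body[0]
    if version == 3:
        # v3 layout: ver, hashed-len(=5), sig type, time(4), key id(8), pk alg, hash alg
        if body[1] != 5:
            raise ValueError("malformed v3 signature")
        sig_type, pk, hsh = body[2], body[15], body[16]
    elif version == 4:
        # v4 layout: ver, sig type, pk alg, hash alg, then subpacket areas
        sig_type, pk, hsh = body[1], body[2], body[3]
    else:
        raise ValueError("unsupported signature version %d" % version)
    return {"version": version, "sig_type": sig_type,
            "pubkey": PUBKEY_ALGS.get(pk, "unknown(%d)" % pk),
            "hash": HASH_ALGS.get(hsh, "unknown(%d)" % hsh)}


def policy_verdict(packet):
    """'reject', 'request-resign' or 'ok' under the example policy above."""
    info = signature_algorithms(packet)
    if info["hash"] in REJECTED_HASHES:
        return "reject"
    if info["hash"] in WEAK_HASHES or info["pubkey"] in WEAK_PUBKEY:
        return "request-resign"
    return "ok"


def _v4_packet(pk_alg, hash_alg):
    """Constructed v4 signature packet with a creation-time subpacket and dummy MPIs."""
    body = bytes([4, 0x00, pk_alg, hash_alg])          # binary-document signature
    body += b"\x00\x06" + bytes([5, 2]) + b"\x48\x2d\x3d\x00"  # hashed: creation time
    body += b"\x00\x00"                                # no unhashed subpackets
    body += b"\xab\xcd"                                # left 16 bits of the hash
    body += b"\x00\x08\x7f" * 2                        # two placeholder MPIs
    return bytes([0xC2, len(body)]) + body             # new-format header, tag 2


# Constructed samples: DSA+SHA-1 (v4), RSA+SHA-512 (v4), RSA+MD5 (old v3 packet)
SIG_DSA_SHA1 = _v4_packet(17, 2)
SIG_RSA_SHA512 = _v4_packet(1, 10)
SIG_RSA_MD5_V3 = bytes([0x88, 22]) + bytes([3, 5, 0x00]) + b"\x48\x2d\x3d\x00" \
    + b"\x01\x02\x03\x04\x05\x06\x07\x08" + bytes([1, 1]) + b"\xab\xcd" + b"\x00\x08\x7f"

if __name__ == "__main__":
    for name, sig in [("DSA/SHA-1", SIG_DSA_SHA1), ("RSA/SHA-512", SIG_RSA_SHA512),
                      ("RSA/MD5 v3", SIG_RSA_MD5_V3)]:
        print(name, signature_algorithms(sig), policy_verdict(sig))
```

To run this against real mail you would feed it the first packet of the detached signature (after base64-decoding the ASCII armour); `gpg --list-packets` shows the same "digest algo" field if you would rather read it by hand. The point of the policy function is that it is the verifying side, not the signer, that decides which algorithms are acceptable for a given transaction.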
I’m not advocating the use of tinfoil hats at all and really do think it’s a case of common sense. I wonder how many people have considered this? If you think about it and others think about it, perhaps SHA-1 will be retired naturally by lack of use rather than an official announcement that it’s no longer secure enough…