
SHA-1 is on the way to deprecation, in particular for digital certificates (X.509). But I can't find resources about SHA-1 deprecation in SSL/TLS cipher suites.

Is it implicit, as deprecation implies that SHA-1 usage will be deprecated in all cases? Or is there a different strategy concerning SHA-1 usage in cipher suites?

I also don't understand how attackers could forge a SHA-1 certificate signature, as the hash is still "protected" by the signature (CA private key). So forging the hash with collisions, OK, but one would detect that the hash is not trusted anymore (the signature wouldn't be the same). Am I missing something?

crypto-learner

1 Answer


Ciphers don't use signature schemes. They do use MACs, which are different (and employ HMAC variants of hash functions, e.g. HMAC-SHA1). There is no danger in using SHA1 in this manner (or MD5 either, but I wouldn't advise doing that if you can avoid it). TLS 1.0 and TLS 1.1 also use SHA1 and MD5 internally, but this is still considered secure because they use them differently from the way certificates do. The main reason SHA1 is becoming deprecated is that the community believes attackers may someday soon gain the ability to forge SHA1 certificate signatures.

flashbang
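The following is an added, self-contained example, not code from the question or the answer above. It shows the two points the answer makes: a certificate signature covers only the digest of the to-be-signed data, so two inputs with the same digest share one valid signature (the CA's private key never enters the attacker's computation), whereas the HMAC-SHA1 used for TLS record protection absorbs a secret key before the data, so an unkeyed collision does not carry over. Because a real SHA-1 collision costs on the order of 2^61 work, the digest here is truncated to 24 bits (an assumption made for the demo so that a birthday collision costs about 2^12 hashes), and the "CA" key is textbook RSA with small, constructed primes and no padding. The certificate strings, the MAC key and every name in the block are constructed for illustration.

```python
"""Added example (not from the original post): a hash collision forges a
signature that covers only the digest, but does not transfer to an HMAC.

Assumptions for the demo: SHA-1 truncated to 24 bits stands in for a
collision-broken hash; the CA key is toy, unpadded textbook RSA.
"""
import hashlib
import hmac

DIGEST_BYTES = 3  # 24-bit digest: a birthday collision needs ~2^12 hashes


def weak_hash(data: bytes) -> bytes:
    """Stand-in for a collision-weak hash: SHA-1 truncated to 24 bits."""
    return hashlib.sha1(data).digest()[:DIGEST_BYTES]


# --- Toy textbook RSA for the "CA". Small primes, no padding: demo only. ---
_P, _Q, _E = 1_000_000_007, 998_244_353, 65537   # constructed primes
_N = _P * _Q
_D = pow(_E, -1, (_P - 1) * (_Q - 1))             # private exponent (Python 3.8+)
CA_PUBLIC = (_N, _E)
CA_PRIVATE = (_N, _D)


def sign(private_key, tbs: bytes) -> int:
    """The CA signs hash(tbs), never tbs itself: the key binds only the digest."""
    n, d = private_key
    return pow(int.from_bytes(weak_hash(tbs), "big"), d, n)


def verify(public_key, tbs: bytes, signature: int) -> bool:
    """Recompute the digest from the presented data and compare with sig^e mod n."""
    n, e = public_key
    return pow(signature, e, n) == int.from_bytes(weak_hash(tbs), "big")


def find_collision():
    """Birthday search for a benign to-be-signed string and an attacker-chosen
    one with CA=TRUE that share a digest. Needs no knowledge of the CA key."""
    benign_seen, evil_seen = {}, {}
    i = 0
    while True:
        benign = b"CN=benign.example, CA=FALSE, serial=%d" % i
        evil = b"CN=evil.example, CA=TRUE, serial=%d" % i
        hb, hv = weak_hash(benign), weak_hash(evil)
        benign_seen[hb] = benign
        evil_seen[hv] = evil
        if hb in evil_seen:              # benign collides with some evil string
            return benign, evil_seen[hb]
        if hv in benign_seen:            # evil collides with some benign string
            return benign_seen[hv], evil
        i += 1


def record_mac(key: bytes, record: bytes) -> bytes:
    """TLS-style HMAC-SHA1 over a record, truncated to the same 24 bits so the
    comparison with weak_hash is fair. The secret key is absorbed into the
    hash state before the record data, so a collision found against the
    unkeyed hash does not carry over, and an attacker without the key cannot
    compute any tag at all."""
    return hmac.new(key, record, hashlib.sha1).digest()[:DIGEST_BYTES]


def demo() -> dict:
    benign, evil = find_collision()
    sig = sign(CA_PRIVATE, benign)           # CA only ever signed the benign data
    forged = verify(CA_PUBLIC, evil, sig)    # ...yet the same bytes validate the evil data
    key = b"constructed-session-mac-key"     # per-connection TLS MAC secret (constructed)
    mac_transfers = record_mac(key, benign) == record_mac(key, evil)
    return {
        "benign": benign,
        "evil": evil,
        "digests_collide": weak_hash(benign) == weak_hash(evil),
        "signature_forged": forged,
        "mac_collision_transfers": mac_transfers,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

Read `signature_forged` as the answer to the question's last paragraph: the relying party never sees that the digest "is not trusted anymore", because it recomputes the digest from the evil data, gets the same value the CA signed, and the RSA check passes. `mac_collision_transfers` stays false because the record MAC is keyed; the pair the attacker found collides only under the unkeyed function.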