Microsoft plans to retire support for TLS certificates signed by the SHA1 hashing algorithm in the next four months, an acceleration brought on by new research showing it was even more prone to cryptographic collisions than previously thought.
The software maker hinted at the expedited deprecation in November. Last week, it made those plans official. Sometime this summer (for those in the Northern Hemisphere, anyway) the general release versions of Microsoft’s Edge and Internet Explorer browsers will stop displaying the address bar lock when visiting HTTPS sites protected by SHA1 certificates. The change will occur even sooner for upcoming Windows Insider Preview builds, which are mostly used by developers for testing purposes.
“This update will be delivered to Microsoft Edge on Windows 10 and Internet Explorer 11 on Windows 7, Windows 8.1 and Windows 10, and will only impact certificates that chain to a CA in the Microsoft Trusted Root Certificate program,” officials in the Microsoft Edge Team wrote.
The post went on to say that SHA1-based certificates would be blocked outright starting in February, one month later than a previous roadmap the company provided.
At the beginning of 2016, browser-trusted certificate authorities ceased issuing SHA1-based certificates. In January 2017, most browser makers have said in the past, they will begin issuing errors when users visit HTTPS sites that rely on SHA1. And both Google Chrome and Mozilla Firefox have long labeled such connections as untrusted even as they continued to allow the connections to go through.
The industry-wide retirement has been planned for years in light of research presented in 2012 that showed that well-financed adversaries could crack SHA1 within six years. Microsoft and other browser makers brought new urgency to the deprecation plan following the previously cited research published in October that found real-world attacks were feasible by the end of 2015. So-called collision attacks—in which two or more inputs generate the same 160-bit hash value—could open the door to digital signature forgeries that could be disastrous for the security of the Internet. SHA1 is being replaced with SHA2, an algorithm that’s considerably more resistant to collisions.