Mozilla 1024-Bit Cert Deprecation Leaves 107,000 Sites Untrusted 67
msm1267 writes: Mozilla has deprecated 1024-bit RSA certificate authority certificates in Firefox 32 and Thunderbird. While there are pluses to the move such as a requirement for longer, stronger keys, at least 107,000 websites will no longer be trusted by Mozilla. Data from HD Moore's Project Sonar, which indexes more than 20 million websites, found 107,535 sites using a cert signed by what will soon be an untrusted CA certificate. Grouping those 107,000-plus sites by certificate expiration date, the results show that 76,185 certificates had expired as of Aug. 25; of the 65 million certificates in the total scan, 845,599 had expired but were still in use as of Aug. 25, Moore said.
I'm so relieved (Score:5, Funny)
that slashdot wasn't affected by this.
Re: (Score:2)
Anyone but self-signed Certificate providers.
All certs effectively do is provide encryption. The whole "provides identity" thing is a myth because there is *no* way to ensure such a thing. There's about a zillion ways to fake that identity. Encryption is guaranteed. Unbreakable encryption is not. That's all you get. That's all you'll *ever* get.
Browser "trust" warnings are nothing more than scare tactics designed by the cert manufacturers, in collusion with browser manufacturers, designed to build a completely unnecessary industry for scamming web site owners out of a huge amount of completely wasted money. Wasted other than funding the cert provider parasites, that is.
Using your reasoning, I could very well be living my life in an NSA created virtual world, so any conversation I have in any capacity at all could be monitored at any time. Even my thoughts! So there is no reason for any of this security what-so-ever and it's all a scam by evil virtual corporations to steel my fake virtual money. Right?
Re: (Score:1)
Without identity, you don't know if its the NSA, your ISP, or the actual site you want to talk to you encrypt with. Without cert warnings an ssl connection is almost as good as no one. Active MITM is not very hard if you already intercept all traffic, and you have a small industry that sells appliance cryptobreaking solutions.
It might be true that certs are overpriced in some cases. But that's what a free market is for. The current highly centralized approach makes high centralisation of security neccessary
Re: (Score:2)
While GP's statement was over the top, it isn't ENTIRELY off base. Lets consider, you connect to a site via. https and look at the cert.
According to the cert, ajaxco says the site is example.com (as expected). But wait, who the hell is ajaxco? Ever heard of them? Any idea how quality oriented they are? How do they KNOW example.com is the one and only example.com? Did they send an investigator? Did they do a corporate records search (for a personal web site, yeah sure)? Or did they make the person who reques
Re: (Score:1)
try being in business and signing your own cert.
Let me know how many tech calls you get because Norton deletes your web delivered exe.
scare or not - It's a money problem unfairly placed on developers.
So 3/4 of them would have already failed? (Score:5, Insightful)
oh. so nobody's actively managing them? (Score:2)
hackers, start your engines...
Re:oh. so nobody's actively managing them? (Score:5, Interesting)
hackers, start your engines...
No ones every managing them. These things are like domain names... they cost pennies and last for years... so despite their importance they fall to the bottom of businesses radar. A place I worked at a few years ago let their multi-million dollar domain expire. The registrar had been sending emails to an employee that had no longer worked there for quite a while...
The end result? It went down on a Sunday, and one of our hourly tech support guys (Making about $10/hr at the time) figured out what happened and registered the domain on his personal credit card and redirected it because he didn't know who to call. He got dinner out with the president of the company who shook his hand, asked him politely if he'd mind transferring the domain back to the company, which he did.
That guy, years later, ended up being my boss and making six figures. It pays to be clever on occasion. He always joked that the company could have sued him for what he did to get the domain back anyway but he was impressed the president thanked him and asked for it back personally.
Re: oh. so nobody's actively managing them? (Score:4, Interesting)
Was the domain being used? Or just squatting on it?
If you were actively using it, and it expired, you have a grace period of anywhere from 30 days to 90 days depending on the TLD, when this happened and who the registrar was/is.
With that said, your point is completely valid. Domain names, SSL certificates, and hosting accounts tend to be forgotten. I own a web design/development/hosting company. We actively maintain records of who we need to be dealing with, as well as their managers in the event our contact stops responding. As well, we introduced a fully managed service in which we manage everything for our clients, and we send them a single monthly invoice. Because it is billed every month, their services continue to Just Workâ, and in turn we are keeping consistent contact with them.
We have had the most problems with non-profit organizations. They are typically volunteer run, with a high turn over rate.
Re: oh. so nobody's actively managing them? (Score:1)
It's quite obvious you don't understand how domain name grace & renewal periods work, then.
When your domain name expires, it immediately becomes unusable. Sometimes the registry changes the name servers, sometimes it simply fails to resolve. The grace period is an extension in time in which you (or your company) can renew it. It does not stay active, but can ONLY be renewed by the current owner.
In order to register an expired domain name you didn't own before it expired, you have to wait until the grace
Re: oh. so nobody's actively managing them? (Score:2)
Typically we are dealing with IT staff, and Accounts Payable. Titles don't mean much in these area's, so knowing the managers of the departments is useful.
I certainly see your point, though. There are plenty of movers and shakers out there.
FTFA (Score:5, Insightful)
“All major browsers will alert users of a site using an expired certificate, and of the 107k affected, only 30k were not expired, and so would no longer be trusted by Mozilla as a result of their recent change,”
So not 107K, only 30k. And that's not a real issue. The browsers are correct, the connection isn't secure at 1024. People can complain as much as they want, trust is not something that is eternally granted without condition.
Re:FTFA (Score:4, Insightful)
trust is not something that is eternally granted without condition.
The condition being to grease the palms of a third party?
Re: (Score:2)
I really don't understand people's hang up with the fee. Certs are cheap as hell. I understand they don't really do that much to verify any one's identity, but its so freaking cheap.
How much abuse is there with fake certificates being issued? I've only heard about a couple of cases. Its better than nothing, and certainly worth the small amount of money.
Re: (Score:1)
So are you saying that money buys trust? How cynical. Let's see how well that goes down in the future.
The whole SSL ecosystem is based on the fact that you can absolutely trust the certificate authorities. The corollary to this is that, if a single CA is breached, then the whole system becomes untrustworthy. I'm confused as to why most of us still refuse to see that. Propoganda and disinformation? Well, the SSL world definitely represents a huge business, and it's clear none of its stakeholders is willing
Re: (Score:2)
"So are you saying that money buys trust"
No.
"The whole SSL ecosystem is based on the fact that you can absolutely trust the certificate authorities."
No, it isn't. Trust is not absolute. Learn this. Please.
Re: (Score:2)
People can complain as much as they want
Yep, that about sums up the Internet.
Re: (Score:3)
People can complain as much as they want
Yep, that about sums up the Internet.
Only half. The other half is "and still get screwed over."
The cert authorities as a whole, following NIST recommendations, decided to not just stop issuing 1024 certs, but also to revoke their 1024 root certs, so anything checking CRLs would just break. Months before the actual deadline. They could have just let those certs run out on schedule, but that wasn't good enough for NIST. Moreso, they could have only sold them such that they ran out on schedule (we were sold a 5-year 1024bit cert in 2009 when
Re: (Score:2)
Yes. It's being dropped because it gave the illusion of security without the actuality.
Unfortunately, a LOT of very public websites are running on old expired certs, which isn't really any better.
People need to stop thinking that "software doesn't wear out" - meaning in this case, the security vouchers. Bits may remain unchanged, but the world does not, and if you expect the entire cost of the system is what you paid for at the "cash register" without accounting for ongoing maintenance, you're a fool.
The more paranoid you are, the less you trust (Score:2)
An unavoidable side effect of trusting less is that you trust less. In this case, ancient websites using outdated crypto, won't be trusted. Most of which already are no longer trusted due to expired certificates.
Several things might happen (Score:3)
2. Maybe most of these un-certificated sites will disappear, though it won't mean much for internet congestion if most are not accessed anyway.
3. Maybe swschard's comment that hackers will have a field day is true, although to what benefit to hackers or detriment to site users?
Good (Score:4, Interesting)
A browser not trusting something that's not to be trusted is a positive thing. Yes, some old sites will suffer. That's how it's supposed to work. They'd better up their game. People expect security to be take more seriously these days, as there is more at stake and more muppets with a lot of time on their hands trying to attack you.
Re: (Score:1)
I agree, but the danger is that when people see more and more security warnings for sites that they trust or that seem legitimate, they will learn to click through all warnings. Non-browser-related example (because who in their right mind would run Java in a browser): For every Java update I get a "revocation information not available" error. Apparently Oracle can't handle their certificates appropriately. They're not likely to fix it. What should I do? Of course I click through it, because an old Java vers
Re: (Score:2)
"they will learn to click through all warnings". Kinda Vista's UAC did for Windows users. Besides, people will go to great lenghts to see lolcats.
The way firefox manages this... (Score:4, Insightful)
Firefox doesn't support the OS's built in certificate stores, which makes it a really big pain in the ass to manage certs yourself (like if your managing certs for firefox users at your company) - you basically have to compile certutil and write all kinds of fun scripts for client devices.
If firefox let me co-manage certs I could just re-add the deprecated cert :).
The way firefox manages this... (Score:1)
And that's probably why they don't, captcha prorate
Re: (Score:2)
Firefox is becoming a real pain in the ass when it comes to certs. I can see displaying a "ZOMG!!! WARNING!!!" when trying to load a low-bit cert, but it fails completely, which makes it unusable for managing more and more enterprise appliances, some of them being brand new. One could go to each and every appliance and LOM module and generate a new high-bit cert but if you've got enough of them in your data center it's a royal pain in the ass to do so.
The solution? Use any browser other than firefox.
Re: (Score:1)
Actually, I like the way that Firefox manages CA.
Where I work, they have pushed CA's to PCs. When I connect to https://mail.google.com, and several other sites, in IE or Chrome, no warning. The company's MITB computer is not detected. When I connect with Firefox, I get the proper warning.
Of course, most people think that Firefox is the problem and prefer Chrome until I explain what's really going on. If I want to add the company's CA manually, I can but at least it's my choice.
Re: (Score:2)
I'm going to go out on a limb and suggest (and this is just a hunch) that you don't know what you're talking about.
Re:So 1024 Bits Not Enough Now? (Score:5, Informative)
Symmetric and asymmetric keys are different things and have different key lengths. One cannot directly compare key sizes between two wholly different classes of ciphers. There are numerous reasons, mostly involving arcane mathematics, why asymmetric ciphers require longer key lengths than symmetric ciphers to offer similar levels of protection.
For example, a 1024-bit RSA key (RSA is an asymmetric cipher) is essentially equivalent to an 80-bit symmetric key (AES, 3DES, etc. are symmetric ciphers). SHA1, a hashing algorithm, provides less than 80 bits of security; those wishing stronger signatures are switching to SHA-256 (which offers 128 bits of security) and SHA-512 (which offers 256 bits).
A 2048-bit RSA key, such as those used by most CAs and web servers these days, has the same strength as a 112-bit symmetric key. NIST says [keylength.com] they should be good enough until around 2030.
3072-bit RSA keys offer the same strength as a 128-bit symmetric key. A whopping 15,360-bit RSA key would be needed for 256-bit security; the same level of security could be achieved with a 512-bit elliptic curve key, which would be much, much faster than such a large RSA key.
Re: (Score:2)
... the same level of security could be achieved with a 512-bit elliptic curve key, which would be much, much faster than such a large RSA key.
It'd be faster for the NSA too - it's a win-win!
Re: (Score:2)
You're confusing the cost of legitimate operations with the cost of searching the key space. You don't want legit users to bear too much cost since everyone ends up paying that over and over, but you do want the cost of searching to be high since that's not something that people should be doing.
Re: (Score:2)
I was thinking the same, and I'm no expert in cryptography. After all distributed.net have spent 12 years trying to brute-force a 72-bit key and have only managed to test 3% of the total keys. 2^1024 is such a mind-bogglingly large number the entire world's computers couldn't crack it in a billion lifetimes.
Anyway, wiki to the rescue:
As of 2003 RSA Security claims that 1024-bit RSA keys are equivalent in strength to 80-bit symmetric keys, 2048-bit RSA keys to 112-bit symmetric keys and 3072-bit RSA keys to
And of those trusted (Score:2)
you'll never know how many you can't trust.
They declared that security required, https (Score:2)
The sites got certificates and installed them several years ago, before thw current "https everywhere " trend. In other words, they decided that because they were handling sensitive information, they needed a secure connection. Maybe they have an order form,that accepts credit cards, whatever. For some reason, they needed to be more secured than most sites. The URL in the address bar says "https", indicating that it is secured. We know that although they publicly declared that their site should be
Re: (Score:2)
I just wish DANE [wikipedia.org] was farther along (plus DNSSEC).
Seems kind of pointless- the DNS has to be subver (Score:2)
DANE seems very nearly pointless to me. Maybe I'm mising something. The victim goes to Paypal.com. Their browser checks the certificate to make sure it's really Paypal.com, as opposed to a MITM or someone who hijacked Paypal's DNS. That's the typical use for TLS, right?
So checking the cert is supposed to protect the user from an adversary who can intercept packets addressed to Paypal.com and send back bogus responses. That means the adversary can intercept DNS packets intended for Paypal.com and resp
Re: (Score:2)
It may also eliminate the need for CAs and certificate altogether. You just store the public half of your certs in the DNS system.
Re: (Score:2)
-> It may also eliminate the need for CAs and certificate altogether. You just store the public half of your certs in the DNS system
That's the problem. By the time a TLS certificate comes into play, the DNS must have already been compromised (directly or via mitm). The certificate is designed to alert you if the server you're talking to isn't who you think it is - based on DNS.
Math. (Score:4, Insightful)
So, the headline should really say 31,000, since 76,000 shouldn't be trusted regardless of what Mozilla does.
Re: (Score:2)
It's much more important than the 31k affected sites, 1024 roots are weak enough targets that just about any nation state and many crime syndicates can create a flood of valid and trusted certs just by factoring the private key of that one CA cert.
Re: (Score:2)
If there are only 31K affected sites, how can it be "more important" than that? The rationalization you give only applies to sites with 1024 roots, which has been stipulated to be those 31K. Where's the "more?"
Meh! (Score:2, Insightful)
So basically the net effect will be another warning page to click through when visiting the sites in question? Do end users really know what any of this stuff really menas?
And I care about this why ?? (Score:2)
Seriously, how does this effect web browsing for the average Joe?
Re: (Score:3)
If you visit an affected website in Firefox 32+ it'll warn you about the SSL certificate and you'll have to take a couple extra steps to visit it. For you it's an inconvenience, but only if you use one of these sites. For the website operator maybe it'll shame them into getting an updated certificate.
Re: (Score:2)
Re: (Score:2)
Is this alteration specific to self-signed appliances, like a NAS? Or would this bypass for all self-signed certificates?
Also, this sounds like a good thing to keep a record of, with regards to documenting changes in your about:config.
Exaggerated, somewhat hysterical decision (Score:2, Insightful)
RSA-1024 are still safe, despite what many fearmongers have been preaching for years. It was only a few days ago
(http://www.newscientist.com/article/dn26135-factorisation-factory-smashes-numbercracking-record.html?cmpid=RSS|NSNS|2012-GLOBAL|online-
news#.VAXRfDzYvyF) that a new factorization record was announced. It is a roughly 1,024-bit integer - but it took 2000 high end-PC years, and it is a Mersenne integer - orders of magnitude easier to factorize than an integer of similar size obtained as the product
Re:Exaggerated, somewhat hysterical decision (Score:4, Interesting)
Good!!! (Score:2)