Sign in / up

back to article Mozilla certification revocation: 107,000 websites sunk by untrusted torpedo

Over 107,000 websites have been consigned to the depths of the untrusted internet after Mozilla's move last week to allow its 1024-bit certificates to expire. The latest shipment of Firefox 32 improved security by killing support for the 1024-bit certificate authority (CA) certificates within the browser's trusted store. …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Alister

    No Excuse

    There really is no excuse for a webmaster not to have updated to a 2048bit certificate, it's not like we haven't been aware of this for the last 3 years.

    All the major CAs have had big warnings plastered across their sites for a long long time.

    16 1 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: No Excuse

      "There really is no excuse for a webmaster not to have updated to a 2048bit certificate, it's not like we haven't been aware of this for the last 3 years."

      Unless of course you already forked out for a 3 or 5 year certificate....

      0 4 Reply
      1. typeo
        Reply Icon

        Re: No Excuse

        "Unless of course you already forked out for a 3 or 5 year certificate...."

        Surely the certificate can just be rekeyed in this case?

        13 0 Reply
      2. Daniel B.
        Reply Icon
        Alert

        Re: No Excuse

        Unless of course you already forked out for a 3 or 5 year certificate….

        Having worked at a certain financial institution that had this very issue, I can vouch for Verisign that signing a new 2048-bit request for the remainder of your purchased term is free of charge.

        And I'd also note that this requirement issue was tackled by said bank back in 2011. VeriSign would not sign any 1024-bit cert with a validity beyond 2012. What kind of CA has been signing certs with expiration dates beyond 2012?

        0 0 Reply
    2. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: No Excuse

      The issue isn't the size of the endpoint key (which could well be 2048-bit or larger), but that of the CA itself. If the CA key is only 1024-bit, how can you be certain that the certificate you have received for a website's 4096-bit key is authentic?

      4 0 Reply
      1. Aitor 1
        Reply Icon

        Re: No Excuse

        CAs are also known to to provide false keys to "law enforcement and similar clients".. so statesalready have the keys for MiM attacks..

        As for Mozilla... well, they decided not to ban CAs that participate in MiM attacks by security forces, delete posts in forums about it, etc.

        While I agree that at some point they should all be 2048 bits.. they are trying to fix something that is NOT the problems. The CAs are the problem.

        6 1 Reply
      2. phil dude
        Reply Icon
        Black Helicopters

        Re: No Excuse

        Reading the latest mathematical literature on this subject, I would say 1024 bit is definitely cracked/able...

        P.

        0 0 Reply
    3. regadpellagru
      Reply Icon

      Re: No Excuse

      "There really is no excuse for a webmaster not to have updated to a 2048bit certificate, it's not like we haven't been aware of this for the last 3 years.

      All the major CAs have had big warnings plastered across their sites for a long long time."

      Agree. And I also praise Mozilla for taking the lead of the cleanup of the smoking mess that is TLS CAs signoffs. They are doing it at the expense of pissing off the clueless, but ultimately securing communications of everyone. Hence, hats off to them.

      4 0 Reply
    4. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: No Excuse

      RSA is a US firm.

      I take no computer security advice from the yanks. If they say 2048 I want at least a 8192 and there's no way I want RSA involved in any way after PRISM and the revealed flaws.

      4 3 Reply

    5. This post has been deleted by its author

    6. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: No Excuse

      -- unless your hardware on the embedded web server has less than 2048 bytes of available memory, and a 256 byte key didn't fit into it -- and it's protected from the internet by a VPN appliance --

      The 64 bit key was adequate for our internal security needs.

      1 0 Reply
  2. Anonymous Coward
    Anonymous Coward

    If you still use a 1024-bit RSA key such as PGP, it's time to start using ECC-based keys

    He added this recommendation: "If you still use a 1024-bit RSA key for any other purpose, such as a Secure Shell (SSH) or PGP, it is past time to consider those obsolete and start rolling out stronger keys, of at least 2048 bits, and using ECC-based keys where available"

    Mmmm, hmm, and just how many open-source implementations are there for ECC OpenPGP? GnuPG 2.1 is still in development and is not ready for production.

    I did experiment with it, I like having a reasonably secure key in a small space, specifically I was looking at it for AX.25. But it's still a fair way off.

    2 1 Reply
    1. brooxta
      Reply Icon

      Re: If you still use a 1024-bit RSA key such as PGP, it's time to start using ECC-based keys

      Why downvote the parent? It's an absolutely valid point. If you disagree then please provide some links to alternative mainstream ECC-enabled PGP-type applications.

      1 1 Reply
      1. Anonymous Coward
        Reply Icon
        Anonymous Coward

        Re: If you still use a 1024-bit RSA key such as PGP, it's time to start using ECC-based keys

        I guess they downvoted because I mentioned OpenPGP which isn't TLS.

        However, I'm pretty sure the older SSL stacks out there don't support ECC either. Yandex still uses SSLv3 for example. Does switching to an ECC-based certificate lock you out of their search engine?

        1 1 Reply
  3. stu 4

    untrusted pedo

    I am the only one that misread that ?

    0 1 Reply
  4. mark jacobs
    Coat

    In a few years time ...

    2048 bits won't be enough, since hardware is cranking up the speed every time. My home PC is clocked at 4.0 GHz and has 8 cores and 8GB DDR3 RAM. Put a farm of 100 of these together and write multi-threaded software, and you could be hacking the DoD any time soon!

    0 4 Reply
    1. Yet Another Anonymous coward Silver badge
      Reply Icon

      Re: In a few years time ...

      It really doesn't matter how many bits you have if Mozilla trusts "honest Achmeds" root certificate as signing the google.com you visted

      3 1 Reply
    2. phil dude
      Reply Icon
      Boffin

      Re: In a few years time ...

      read Knuth's explanation of why this is not so helpful. But, and this is But^10 , we do not *know* there is not a better factoring algorithm - it just hasn't been found.

      Other methods may have a better chance of proving inverse difficulty, but factoring only has history...and that is an unreliable metric!! (Gauss and Euler didn't have computers...)

      P.

      2 0 Reply
    3. Daniel B.
      Reply Icon

      Re: In a few years time ...

      RSA's cracking difficulty grows exponentially instead of being linear. Just to put it in perspective, 512-bit RSA was cracked in 1999. The largest RSA number cracked from the RSA challenge has been 704 bits long, and that was in 2012. Ok, 768-bit challenge was factored in 2009. But many of these efforts have been running non-stop for God knows how many months. Or years. Up until now, nobody has been able to factor 1024-bit RSA numbers, even though it is possible that cracking 1024-bit keys will be possible in the near future. But 2048? Unless something better than the quadratic sieve is discovered, or quantum computing actually takes off, it's still a long way down the road.

      1 0 Reply
  5. Anonymous Coward
    Anonymous Coward

    CA Certs

    I have disabled all bar ten CAs on a couple of installations--it's been a few months ago and I'm still to get any warning regarding an untrusted cert.

    Ideally, browsers would come with CA certs pre-installed, but initially untrusted until the user hits a website that requires it, then it would ask the user whether they trust the Turkish Central Bank CA to have signed the cert for google.ie, for example. It's far from perfect as it has an impact on usability and it does not address the real problem (pointed out by Aitor above), but nonetheless it'd be a small step forward.

    However, as Aitor hints at, CAs cannot be trusted anyway as they're in the habit of "lending" their signing keys to, as they call it, "partners".

    0 0 Reply
  6. PeterM42
    Facepalm

    Is this anything to do with....

    .....why Firefox keeps CRASHING?!?!?!?!?!?

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like