As sites move to SHA-2 encryption, millions face HTTPS lock-out

In 2016, tens of millions of people around the world will face trouble accessing some of the most common encrypted websites like Facebook, Google and Gmail, Twitter, and Microsoft sites.

Why? Because their browser or device will be unable to read the new, more secure certificates.

SHA1, the cryptographic hashing algorithm that's been at the heart of the web's security for a decade, will be retired in a little over a year. Some say it could be cracked by the end of the year, essentially making it useless and weakening security for millions of users.

Certificate authorities said they will respond by no longer issuing SHA1 certificates at midnight, January 1 2016, opting instead for SHA2 certificates. SHA2 is a significantly stronger algorithm that will last for many years to come. But there's a problem. A small but sizable portion of the internet's users don't have browsers or devices that are compatible with SHA2.

"We're about to leave a whole chunk of the internet in the past," said CloudFlare chief executive Matthew Prince, during a conversation in our New York newsroom earlier this month.

'One million websites' running risky crypto

Encryption isn't important just for protecting your online banking, email accounts, and social networks. That green lit-up bar or padlock in your browser also verifies the integrity of a site, offering a strong level of assurance that the page has not been modified in any way.

More sites nowadays are adopting encryption because it costs little to nothing to implement.

In an age of daily data breaches, hacks, and mass surveillance, adopting a strong SHA2 algorithm is more important than ever. But browser makers and website owners alike thought they had more time.

Prominent security researchers thought SHA1 would last until about 2018, but now they think the SHA1 algorithm may be broken by the end of 2015.

The good news is that most website are already using the stronger SHA2 certificates. About 24 percent of SSL-encrypted websites still use SHA1 -- or, about 1 million websites.

That figure is declining every month, so much so that by the end of the year it could fall as low as 10 percent of all websites, meaning the vast majority of encrypted websites will be safe from SHA1 collision attacks.

For most people, there's nothing to worry about. The majority are already using the latest Chrome or Firefox browser, the latest operating system, or the newest smartphone with the latest software, which are compatible with the old SHA1-hashed websites and the newer SHA2-hashed websites.

But many, particularly those in developing nations, who are running older software, devices, and even "dumbphones," the candy-bar cellphones that have basic mobile internet, will face a brick wall, because their devices aren't up-to-date enough to even know what SHA2 is.

Mozilla's 'one million downloads' mistake

There's no way to tell exactly how many will be affected until it happens, in part because there are no concrete figures on how many people are running old or unsupported browsers or devices.

HTTPS

Sites that don't offer HTTPS encryption are running out of excuses

The barriers that once stood in the way of a fully secure web don't exist anymore.

Read now

Ivan Ristic, head of of SSL Labs at Qualys, said in an email that users of Windows XP SP2 and earlier, and Android 2.2 and earlier, do not support SHA2 certificates.

There are no stable or steady figures to reference. From what's available, usage of unsupported systems remains low worldwide, but still has double-digit percentages in China, Africa, India, and other developing nations like Vietnam, accounting for tens of millions of users. Even if Microsoft's usage share sites is to be believed, that 1 percent of the world still uses an unsupported browser, there could be as many as 70 million that face being locked out of SHA2-hashed encrypted sites.

"Given that many sites are 75 percent through to SHA2 migration, it's likely that those users with old browsers will start to experience problems with increased frequency throughout 2016," said Ristic.

Mozilla found out the hard way last year. Last year, the browser maker updated its website with a new SHA2-hashed SSL certificate. But those who were running a browser or operating system that didn't support SHA2 couldn't get onto the website.

The upgrade "killed one million downloads," said Mozilla's Chris More in a bug listing at the time. "A lot of the world is still running old browsers and come to our website to get Firefox," he said.

And it won't be the last time it happens.

'Untrusted connection'

With SHA1 no longer available from 2016, website owners and app makers have a whole year to upgrade to SHA2.

A year later, starting in 2017, Chrome and Firefox browsers that encounter an old SHA1 certificate will throw a security warning, telling the user that the connection is untrusted. In some cases, like Firefox, users may get warnings during 2016.

Mozilla said it may push the date back to July 2016 if attacks on SHA1 are successful.

Website encryption is becoming more ubiquitous as security becomes more of a focal issue. But it's not always as simple as upgrading to a new browser. In many cases it involves upgrading hardware, like phones and computers, which many can't afford or can't get because of trade restrictions.

"We're trying to get everyone to upgrade to the latest security and that's good, but in order to do that we have to support the past," said Prince.

With potentially only a few days or weeks before SHA1 is cracked, and sites and services can be impersonated, there has not been a bigger need to upgrade to better cryptography in years.

Prince said the industry wanted the "best and greatest security, but in the process we broke everything," he said.

"It's the best of intentions backfiring," he said. "And it scares the s**t out of me."