The US National Institute of Standards and Technology (NIST) is formally recommending that Secure Hash Algorithm-1 ("SHA-1") be replaced with newer, more secure algorithms.
SHA-1 is a hash function designed by the US National Security Agency and published in 1995. SHA-1 (and its later associated algorithms SHA-2 and so on) has a rich and significant history of adoption, historically including mandatory use in certain US government IT applications and very broad adoption within security applications in everyday use by the general public, such as validating websites:
"It secures information by performing a complex math operation on the characters of a message, producing a short string of characters called a hash. It is impossible to reconstruct the original message from the hash alone, but knowing the hash provides an easy way for a recipient to check whether the original message has been compromised, as even a slight change to the message alters the resulting hash dramatically." NIST
The inexorable march of time and technological advances have unsurprisingly produced a number of discoveries and developments that affect the ongoing suitability and use of SHA-1. On a positive note, these developments include newer and more secure algorithms which are already widely adopted. However, as with all security functions, vulnerabilities in SHA-1 have also been discovered, including those resulting from increased access to extremely powerful computers, which can create fraudulent messages that result in the same hash as the original, allowing partial compromise ("collision attacks") and thereby undermining SHA-1.
“We recommend that anyone relying on SHA-1 for security migrate to SHA-2 or SHA-3 as soon as possible,” said NIST computer scientist Chris Celi.
Given that SHA-1 has been in use since 1995 (that makes it almost 28 years old!), that NIST formally deprecated its use in 2011 and disallowed its use for digital signatures in 2013, the latest announcement (December 2022) should not come as any surprise. Major web browsers stopped supporting digital certificates based on SHA-1 in 2017 when the type of collision attack described above became relatively straightforward.
So how much of a development is this and what changes need to be made?
What does the announcement mean?
The December 2022 announcement from NIST really tells us that NIST's change of status for SHA-1 affects companies that develop modules within functional encryption systems, and that by 2030 those systems must not only stop using SHA-1 but stop supporting it altogether. In the grand scheme of global society and the economy, such companies are few and niche and they should already have been planning for this change to ensure their continued commercial viability. So why is this announcement important to the rest of us doing business in the digital age?
DWF are not aware of any recent authoritative research regarding ongoing use or prevalence of SHA-1 in production environments, although several research studies published in 2017 suggested that over 20% of websites (of over 33 million surveyed) continued to rely on SHA-1 even after the major web browsers stopped supporting it. DWF do know through our work with clients that SHA-1 remains in use for common security use cases such as encryption of customer data databases, employee databases, and even password databases. Considering the timeline above, whereby reliance and trust in SHA-1 has been diminishing in global communities of technical authority for a long time, and with that position now bolstered by December's announcement, DWF recommends that organisations should be making time-bound and complete plans for the wholesale replacement of SHA-1 in any security use case.
Our interpretation: Appropriate technical and organisational measures
Similar steps to recommend limiting the use of SHA-1 have been taken by European technical authorities such as the European Union Agency for Cyber Security ("ENISA") over a similar timescale. Consideration must therefore be given to whether use of SHA-1 for essential security functions to protect personal data can be considered to be "appropriate" as a technical measure in 2022. In instances where data breach notifications are made to data protection authorities or other regulators with jurisdiction over data and security, a common line of enquiry from the regulatory investigations team is that of security controls, including types of hash used (particularly where database extraction is being reported). Given the total absence of recognised technical sources of authority that would advocate for SHA-1 as a suitable hash function for a security use case in 2022, any organisation reporting a data breach and reliance on SHA-1 as a core technical security control (without other compensatory controls) should prepare to be found in violation of GDPR's requirement to implement appropriate technical and organisational measures for security.
Our recommendations: What to do
As stated, DWF recommend that a discovery exercise be undertaken to determine the extent to which SHA-1 is being used within any organisation's environment (this should include on-premises, hybrid, and cloud). Any use of SHA-1 for security use cases should be the subject of a migration pathway to more secure algorithms. We also recommend that organisations extend the enquiry to the supply chain through which critical information types (including personal data) are shared in order to determine the most appropriate pathway to remediation where required, which may include wielding contractual or statutory powers compelling Processors to implement appropriate technical measures to meet the requirements of GDPR, including migration to more secure hash algorithms.
Taking these steps will not only help to reduce the risk of an information security breach, it will also give an organisation and its advocates a more positive position from which to address regulator and other adverse scrutiny should they be unfortunate enough to be the victim of a data breach.
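One part of the discovery exercise described above, applied to the password databases mentioned earlier, can be sketched as an inventory of stored credential formats. This is an added example, not code from DWF or NIST; the rule labels, the `(record_id, stored_value)` row layout and the sample rows are assumptions constructed for illustration.

```python
import base64
import hashlib
import re

# First matching rule wins. Length-only rules are heuristics: 40 hex
# characters is also the output size of RIPEMD-160, so confirm in the code path.
RULES = [
    ("ldap-ssha", True, re.compile(r"^\{SSHA\}[A-Za-z0-9+/]+=*$")),
    ("ldap-sha", True, re.compile(r"^\{SHA\}[A-Za-z0-9+/]{27}=$")),
    ("bcrypt", False, re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")),
    ("argon2", False, re.compile(r"^\$argon2(?:id|i|d)\$")),
    ("hex-160", True, re.compile(r"^[0-9a-fA-F]{40}$")),
    ("hex-256", False, re.compile(r"^[0-9a-fA-F]{64}$")),
]

def classify(stored):
    """Return (label, is_sha1_family) for one stored credential value."""
    for label, sha1_family, pattern in RULES:
        if pattern.match(stored.strip()):
            return label, sha1_family
    return "unknown", False

def inventory(rows):
    """Group record ids by detected format; rows are (record_id, stored_value)."""
    found = {}
    for record_id, stored in rows:
        label, _ = classify(stored)
        found.setdefault(label, []).append(record_id)
    return found

def needs_migration(rows):
    """Record ids whose stored value looks SHA-1 based."""
    return [rid for rid, stored in rows if classify(stored)[1]]

def _b64(raw):
    return base64.b64encode(raw).decode("ascii")

# Constructed sample export; no real credentials.
_salt = b"\x01\x02\x03\x04"
SAMPLE_ROWS = [
    (1, hashlib.sha1(b"constructed-pw-1").hexdigest()),
    (2, "{SHA}" + _b64(hashlib.sha1(b"constructed-pw-2").digest())),
    (3, "{SSHA}" + _b64(hashlib.sha1(b"constructed-pw-3" + _salt).digest() + _salt)),
    (4, "$2b$12$" + "a" * 53),  # bcrypt-shaped placeholder, not a real hash
    (5, hashlib.sha256(b"constructed-pw-5").hexdigest()),
    (6, "not-a-hash"),
]

if __name__ == "__main__":
    print(inventory(SAMPLE_ROWS))
    print("migrate:", needs_migration(SAMPLE_ROWS))
```

Records flagged by `needs_migration` are candidates only; the hashing code that wrote them is what confirms the algorithm and drives the migration plan.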
How we can help
DWF’s legal and multi-disciplinary professional services business provides clients with global support on critical cyber security issues including preparing for and responding to security failures and data breach events. Our team includes legal advisors, management consultants and risk professionals with verifiable, market-leading credentials in these areas.
Please get in touch with the team to discuss how we can help you achieve positive security and data risk outcomes, even in the most complex and contentious of circumstances.