Why is SHA-2 safer than SHA-1 in SSL certificates (screencast) - Cryptography/SSL 101 #6

preview_player
Показать описание
Here is a detailed walkthrough of why the strength of the hash function used to sign the certificates is very important and why SHA-1 is being phased out in favour of SHA-2.

We go through the end to end process of signing a certificate, then in reverse show what happens as the signatures are validated by the browser.

Then we discuss some ways in which a compromise of the hash functions can lead to dangerous scenarios on the internet.

Finally a brief overview of what people who are responsible for websites need to know and the urgency of making the changes.

If you're looking for a great text description of how the SSL chain works I would recommend this one.

  1. Matt Thomas
  2. SHA1
  3. SHA-1
  4. SHA-2
  5. SHA2
  6. SHA-256
Рекомендации по теме
Why is SHA-2 0:46:48

Why is SHA-2 safer than SHA-1 in SSL certificates (screencast) - Cryptography/SSL 101 #6

How secure is 0:05:06

How secure is 256 bit security?

SHA-1 VS SHA-2 0:01:03

SHA-1 VS SHA-2 VS SHA-256 - Difference between SHA-1 VS SHA-2 VS SHA-256

The unsolved math 0:05:59

The unsolved math problem which could be worth a billion dollars.

SHA-256 | COMPLETE 0:13:01

SHA-256 | COMPLETE Step-By-Step Explanation (W/ Example)

Shame about SHA-2: 0:03:26

Shame about SHA-2: Symantec flunks basic programming

SHA-256 Simplified: What 0:10:06

SHA-256 Simplified: What Is It And Why It Is So Secure

Blake3 vs SHA-256 0:01:00

Blake3 vs SHA-256 Speed Efficiency and Security

GTER 40: SHA-1, 0:32:49

GTER 40: SHA-1, SHA-2 TLS Migrations and New Standards

What is SHA256? 0:13:36

What is SHA256?

4 Understanding SHA256 0:14:35

4 Understanding SHA256 Hash

What is Hashing? 0:12:36

What is Hashing? (MD5, SHA1 & SHA256)

Hashing and Hash 0:12:36

Hashing and Hash Cracking Explained Simply! (2021) | MD5, SHA1, and SHA256

How Does SHA256 0:04:53

How Does SHA256 Work?

Crytpocoins: SHA-256 vs 0:07:01

Crytpocoins: SHA-256 vs Scrypt

BLAKE3 vs SHA-256 0:13:50

BLAKE3 vs SHA-256

SHA-2 0:40:09

SHA-2

Secure Hash Algorithm 0:02:14

Secure Hash Algorithm

Hashing - what 0:13:20

Hashing - what it is, how it's used and why it matters - with MD5 and SHA2-256 examples

SHA-2 0:18:09

SHA-2

Asymmetric Encryption - 0:04:40

Asymmetric Encryption - Simply explained

Security Snippets: MD5, 0:12:34

Security Snippets: MD5, SHA-1 and SHA-2

How to Upgrade 0:02:43

How to Upgrade Certification Authority to Use SHA2 - Step by Step

Investigating SHA256 in 0:03:47

Investigating SHA256 in Bitcoin

Комментарии
Автор

Brilliant set of video;s Matt. Thanks a million. Was trying to understand this concept for ages but you nailed it in depth and with excellent diagrams which is my way of learning.
Was at first put off by the Humpty Dumpty references, but hey whatever works in the end eh.
Looking forward to the Bitcoin vids. I have a good understanding but need to cement it with different angles of attack.
Mucho Cracias.

bazilian
Автор

A big Thank to you Matt. I just finished the series and will carry on :)

jcworks
Автор

Great video...I've been following the series and was wanting to know more about how the system actually gets compromised.

nadishavalentina
Автор

Excellent as always. In your previous tutorial, you showed what I assume is an actual root certificate for Verisign which uses SHA-1. So I guess they will be changing this before tomorrow ;) Thanks again for these tutorials and happy new year.

sefton
Автор

Hi Matt, Excellent series. Is there any chance of you doing another video which delves a bit deeper into the exchanges involved in a TLS session? For instance it would be useful to understand in more depth what the various cipher suites represent or mean eg. The way you explain things crystallizes the concepts better than other videos I've seen.

jazzmanflyer
Автор

Thanks for the series. Very well explained.

A follow-up question on certificate forging: Am I right to assume that forging a certificate would not be as easy, if the format of the SSL certificate would not be open to insert non-visible fields, hidden characters or similar looking characters in the Unicode charset?
That's because the only variable part of the certificate would then be the hostname (which you have to forge) and the public key, which is expensive to compute.

And why did people choose MD5 or SHA-1 in the past as hash functions? The more expensive the a function is the better for this purpose, I suppose.

andreasbaumann
Автор

Great explanation.. one thing that I don't understand is why are a lot of the popular Root CAs (for example Baltimore CyberTrust Root with Thumbprint that issue Microsoft and Google's certificate still on SHA1?

I realize that creating a collision on the root doesn't make a lot of sense, since the client has a copy in the store, but why not use certs from a SHA2 Root CA? Is it because they are worried that the Root cert hasn't propagated to trusted store on all the devices out there?

sunilmujumdar
Автор

Good one.. All parts are great.. Thanks Matt

maheshdivakaran
Автор

Thanks for amazing explanation.

27:40 is where content related to the video title actually starts. Before that it is all about Certificate Trust Chain, similar to what you have already explained in previous video but much better. I think it's better to merge content before 27:40 with the previous video and remove the last couple of recap of the previous video.

parthilshah
Автор

Could you please do a video on Certificate Pinning? Which is now common in Android and iOS world.

nehalshah