Over 107,000 websites have been consigned to the depths of the untrusted internet after Mozilla's move last week to stop trusting 1024-bit certificate authority (CA) root certificates.
The latest shipment of Firefox 32 improved security by killing support for 1024-bit CA certificates in the browser's trusted root store. Google's Chrome, on the other hand, has not yet removed support for the 1024-bit CA certificates, over concerns about the number of websites that would be affected.
Mozilla's move was in line with best practice advice from boffins at the US National Institute of Standards and Technology (NIST), whose key-management guidance (PDF) has deprecated 1024-bit RSA since the end of 2013 and tells organisations to migrate to, and accept only, keys of at least 2048 bits.
Rapid7 chief security officer HD Moore reported last week that 107,535 sites had been affected by the security upgrade. He obtained the data through Rapid7's public internet-scanning project, Project Sonar.
"There is a little disagreement that 1024-bit RSA keys may be cracked today by adversaries with the resources of nation states [and eventually] by operators of relatively small clusters of commodity hardware," Moore said.
"In the case of a CA key, the successful factoring of the RSA primes would allow an adversary to sign any certificate just as the CA in question would. This would allow impersonation of any 'secure' web site, so long as the software you use still trusts these keys."
The figure was derived from 65 million unique certificates cross-referenced against some 20 million indexed websites. Most of the certificates used by affected sites expire within the next 12 months anyway, which limits the coin wasted on now-untrusted certificates, and some 13,000 of the sites were already serving expired certificates issued by Vodafone whose validity ended last July.
"While Mozilla's decision will affect a few sites, most of those that are active and affected have already expired, and shouldn't be trusted on that basis alone," Moore said.
He added this recommendation: "If you still use a 1024-bit RSA key for any other purpose, such as Secure Shell (SSH) or PGP, it is past time to consider those obsolete and start rolling out stronger keys, of at least 2048 bits, and using ECC-based keys where available." ®
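The audit Moore recommends, and the two conditions the Sonar data counts (RSA keys shorter than 2048 bits, and certificates already expired or about to expire), as an added example that is not code from the article or from Rapid7: a POSIX shell script built on the openssl command-line tool. The certificate names, the `.example` hostnames and the `classify_cert`/`rsa_bits`/`expires_within` helpers are this example's own inventions; the certificates it checks are throw-away self-signed ones generated on the spot so the script runs offline.

```shell
#!/bin/sh
# Added example, not code from the article or from Rapid7: audit X.509
# certificates for an RSA public key shorter than 2048 bits and for a
# certificate that is expired or about to expire. Needs only the openssl
# command-line tool.
set -eu

# Print the RSA modulus length in bits for the certificate in $1, or 0 if
# the certificate does not carry an RSA key. An EC key is not "weak" just
# because its bit count is small, so it is never compared with 2048.
rsa_bits() {
    txt=$(openssl x509 -in "$1" -noout -text)
    case "$txt" in
        *"Public Key Algorithm: rsaEncryption"*) ;;
        *) echo 0; return 0 ;;
    esac
    # OpenSSL 1.1 prints "RSA Public-Key: (N bit)", OpenSSL 3 "Public-Key: (N bit)".
    printf '%s\n' "$txt" | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeed (exit 0) if the certificate in $1 expires within $2 seconds.
# "openssl x509 -checkend" exits 0 while the certificate is still valid
# past that point, so its sense is inverted here.
expires_within() {
    if openssl x509 -in "$1" -noout -checkend "$2" >/dev/null; then
        return 1
    fi
    return 0
}

# One-word verdict for a certificate: EXPIRED, WEAK-RSA-<bits> or OK.
classify_cert() {
    if expires_within "$1" 0; then
        echo EXPIRED
        return 0
    fi
    bits=$(rsa_bits "$1")
    bits=${bits:-0}
    if [ "$bits" -gt 0 ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK-RSA-$bits"
    else
        echo OK
    fi
}

# Fetch the leaf certificate a live server presents. Needs network
# access, so it is defined here but not invoked below.
fetch_leaf_cert() {  # fetch_leaf_cert <host> <out.pem>
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -out "$2"
}

# Constructed test material: throw-away self-signed certificates with
# hypothetical names, generated locally so the script runs offline.
WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT

gen_cert() {  # gen_cert <name> <days> <openssl req key options...>
    name=$1; days=$2; shift 2
    openssl req -x509 -nodes -days "$days" -subj "/CN=$name.example" \
        -keyout "$WORKDIR/$name.key" -out "$WORKDIR/$name.pem" "$@" 2>/dev/null
}
gen_cert weak   30   -newkey rsa:1024
gen_cert strong 3650 -newkey rsa:2048
gen_cert ecc    3650 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1

for c in weak strong ecc; do
    printf '%-7s %-14s expires within a year: %s\n' "$c" \
        "$(classify_cert "$WORKDIR/$c.pem")" \
        "$(expires_within "$WORKDIR/$c.pem" $((365 * 86400)) && echo yes || echo no)"
done
```

To audit a real site, run `fetch_leaf_cert www.example.com leaf.pem` and then `classify_cert leaf.pem`. A 2048-bit leaf is not enough on its own: the Firefox change concerns CA keys, so every intermediate and root in the chain needs the same check (`openssl s_client -showcerts` prints the whole chain the server sends).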