America, your military fails at security. That's the message from Netcraft security expert Paul Mutton, who has found a bunch of Department of Defense (DoD) agencies issuing SHA-1 certificates.
SHA-1 is almost as old as the art of war: created in 1995, it was secure then, but now you only need US$75,000 to buy enough cloud CPU to crack an SHA-1 signature.
Netcraft is waging war on the stubborn hash algorithm, and earlier this month warned that there are still a quarter of a million SHA-1 certs with expiry dates of 2017 or later.
The use of those certs in dot-mil domains, however, singles the DoD out for special criticism, since the National Institute of Standards and Technology (NIST) has long told US government agencies that SHA-1 is no longer acceptable.
Hence, Mutton's latest post observes that it's hard to understand why the Missile Defense Agency should have issued an SHA-1-signed cert for a Juniper Networks remote access device in February 2015, or that the US Navy's Naval Facilities Engineering Command should use the standard for "user identification and authentication using DoD PKI."
Some sites compound the error, the company says, by supporting also-insecure, also-outdated TLS 1.0 connections. Two sites at the Defense Logistics Agency offer nothing but the TLS 1.0 protocol.
Mutton also notes that the persistence of SHA-1 places DoD PKI at risk.
"As an example, the subscriber certificate issued to cec.navfac.navy.mil was signed on 19 March 2015 by the DoD CA-27 intermediate, which is signed by the DoD Root CA 2 trusted root," he writes.
"If any of these intermediate certificates were to be targeted to find a collision, it would be possible for an attacker to generate valid subscriber certificates for any domain. This would allow the attacker to convincingly impersonate US military sites and carry out man-in-the-middle attacks against browsers that trust the DoD root certificates." ®
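A defender-side check for the chain weakness Mutton describes, added here as an example (not Netcraft's or the DoD's code): it reads each certificate's outer signatureAlgorithm from DER with a stdlib-only parser and reports which links of a chain are SHA-1-signed. The chain is a constructed stand-in, not the cec.navfac.navy.mil chain; real certificates can be fed in after `ssl.PEM_cert_to_DER_cert()`.

```python
# Signature-algorithm OIDs whose digest is SHA-1 (RFC 3279 / RFC 5758)
SHA1_SIG_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10040.4.3": "dsa-with-sha1",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
}

def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _decode_oid(body: bytes) -> str:
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                               # last byte of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm_oid(der: bytes) -> str:
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }."""
    tag, pos, _ = _read_tlv(der, 0)
    assert tag == 0x30, "not a DER SEQUENCE"
    _, _, tbs_end = _read_tlv(der, pos)                # skip tbsCertificate
    _, alg_pos, _ = _read_tlv(der, tbs_end)            # AlgorithmIdentifier SEQUENCE
    tag, oid_start, oid_end = _read_tlv(der, alg_pos)
    assert tag == 0x06, "expected OBJECT IDENTIFIER"
    return _decode_oid(der[oid_start:oid_end])

def sha1_links(chain):
    """Names of (name, DER) chain entries signed with SHA-1; an intermediate counts
    as much as the leaf, since a forged intermediate can sign any leaf."""
    return [name for name, der in chain if signature_algorithm_oid(der) in SHA1_SIG_OIDS]

# --- constructed chain: minimal DER shaped like a Certificate, not valid certs ---
def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag, len(body)]) + body              # short-form lengths only

def constructed_cert(sig_oid: bytes) -> bytes:
    tbs = _tlv(0x30, _tlv(0x02, b"\x01"))              # stand-in tbsCertificate
    alg = _tlv(0x30, _tlv(0x06, sig_oid) + b"\x05\x00")  # AlgorithmIdentifier + NULL
    return _tlv(0x30, tbs + alg + _tlv(0x03, b"\x00" + b"\xab" * 8))

SHA1_RSA, SHA256_RSA = bytes.fromhex("2a864886f70d010105"), bytes.fromhex("2a864886f70d01010b")
CHAIN = [("leaf", constructed_cert(SHA256_RSA)), ("intermediate", constructed_cert(SHA1_RSA)),
         ("root", constructed_cert(SHA256_RSA))]
```

`sha1_links(CHAIN)` returns `["intermediate"]`, the case the article warns about: a SHA-1-signed intermediate undermines every leaf beneath it even when the leaves themselves use SHA-256.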