
I have just re-keyed a SHA1 certificate and installed a new SHA2 certificate in its place. Everything is working fine. There is no insecure content. Digicert's diagnostic tool says everything is ok, and "Signature algorithm = SHA256 + RSA". However, Google Chrome says (note my emphasis):

The identity of this website has been verified by DigiCert SHA2 High Assurance Server CA but does not have public audit records.

Your connection to [www.domain.com] is encrypted with 128-bit encryption.

The connection uses TLS 1.0.

The connection is encrypted using AES_128_CBC, with SHA1 for message authentication and DHE_RSA as the key exchange mechanism.

Why does Google Chrome say that the connection is using "SHA1 for message authentication"?

(Note: I have cleared cache and refreshed page)

Adam George

1 Answer


Message authentication is used for authenticating the data in transit. It is not used for securing the certificates (using digital signatures).

Many cipher suites will still use HMAC with SHA-1, as SHA-1 (and even MD5) is quite safe within an HMAC scheme (due to the fact that a key is hashed both at the start and at the end of the data to protect).

The structure of the HMAC algorithm makes it less susceptible to attacks on properties of the underlying hash algorithm. HMAC is quite resilient against the current (successful) attacks on MD5 and SHA-1.

Maarten Bodewes
  • Ah, great. I thought it might be something like that. Thank you. So even though it is using SHA1 for "message authentication", the cert will satisfy Google in terms of using SHA2 and will not prompt a warning (per: http://googleonlinesecurity.blogspot.com.au/2014/09/gradually-sunsetting-sha-1.html)? – Adam George Sep 25 '14 at 23:37
  • Yup, that's about the gist of it. Of course, it would not hurt to favor higher security ciphersuites in favor of ones using older hash functions, if you have some CPU cycles to spare. – Maarten Bodewes Sep 26 '14 at 00:03
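The answer above describes the "key hashed at the start and at the end" structure that makes HMAC robust even when the underlying hash is SHA-1. The following is an added example, not code from the question, the answer or Chrome: it builds HMAC-SHA1 from a plain SHA-1 digest exactly as RFC 2104 specifies (inner pad 0x36, outer pad 0x5C), checks it against Python's standard `hmac` module, and uses it to verify a constructed TLS-style record. The key and record bytes are constructed sample values, not real TLS secrets; the function names are my own. Note that none of this touches the certificate's signature algorithm (SHA-256 + RSA in the question), which is a separate use of a hash.

```python
import hashlib
import hmac

SHA1_BLOCK_SIZE = 64  # SHA-1 processes 64-byte blocks; HMAC pads the key to this size


def hmac_sha1(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA1 per RFC 2104: H((K ^ opad) || H((K ^ ipad) || message))."""
    # Keys longer than one block are hashed down first; shorter keys are zero-padded.
    if len(key) > SHA1_BLOCK_SIZE:
        key = hashlib.sha1(key).digest()
    key = key.ljust(SHA1_BLOCK_SIZE, b"\x00")

    ipad = bytes(b ^ 0x36 for b in key)  # inner key, hashed at the START of the data
    opad = bytes(b ^ 0x5C for b in key)  # outer key, hashed at the END (over the inner digest)

    inner_digest = hashlib.sha1(ipad + message).digest()
    return hashlib.sha1(opad + inner_digest).digest()


def matches_stdlib(key: bytes, message: bytes) -> bool:
    """Cross-check the hand-rolled construction against Python's hmac module."""
    reference = hmac.new(key, message, hashlib.sha1).digest()
    return hmac.compare_digest(hmac_sha1(key, message), reference)


def verify_record(key: bytes, record: bytes, tag: bytes) -> bool:
    """Accept a record only if its tag matches; compare in constant time."""
    return hmac.compare_digest(hmac_sha1(key, record), tag)


# Constructed sample values (hypothetical; not a real TLS MAC key or record).
CONSTRUCTED_MAC_KEY = b"constructed-mac-key-not-a-real-tls-secret"
CONSTRUCTED_RECORD = b"GET / HTTP/1.1\r\nHost: www.domain.com\r\n\r\n"


def demo() -> tuple:
    """Tag a record, then show that an intact record verifies and a tampered one does not."""
    tag = hmac_sha1(CONSTRUCTED_MAC_KEY, CONSTRUCTED_RECORD)
    intact_ok = verify_record(CONSTRUCTED_MAC_KEY, CONSTRUCTED_RECORD, tag)
    tampered_ok = verify_record(CONSTRUCTED_MAC_KEY, CONSTRUCTED_RECORD + b"x", tag)
    return intact_ok, tampered_ok


if __name__ == "__main__":
    print("matches stdlib:", matches_stdlib(CONSTRUCTED_MAC_KEY, CONSTRUCTED_RECORD))
    print("intact verifies, tampered verifies:", demo())
```

The design point is visible in `hmac_sha1`: the secret key enters the computation twice, once before the data and once over the inner digest, so an attacker who can find collisions in SHA-1 still has no way to forge a tag without the key. The RFC 2202 test vectors (for example key `0x0b` repeated 20 times with message `Hi There`) can be used to confirm the implementation.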