PKI med SHA-2

SHA-2


Inom kryptografin utgör SHA-2 en uppsättning kryptografiska hashfunktioner (SHA-224, SHA-256, SHA-384, SHA-512). som tagits fram av National Security Agency (NSA) och publiserade 2001 av NIST som en “U.S. Federal Information Processing Standard”.

SHA utläses som “Secure Hash Algorithm”. SHA-2 omfattar ett antal förändringar jämfört med sin föregångare, SHA-1. SHA-2 består av fyra hashfunktioner med hashvärden som är 224, 256, 384 eller 512 bitar.

2005 hittades säkerhetsbrister i SHA-1 i form av att en matematisk svaghet kunde finnas som indikerade att en starkare hashfunktion var önskvärd. Även om SHA-2 inrymmer vissa likheter med SHA-1 algoritmen så har attackerna ännu inte kunnat omfatta även SHA-2.

En ny hashstandard, SHA-3, är under utveckling och NIST har en tävling mellan olika hashfunktioner som under 2012 är tänkt att utmynna i en segrare. SHA-3 algoritmen ska inte ha några kopplingar till SHA-2.
http://csrc.nist.gov/groups/ST/hash/sha-3/index.html

Notera att längden på resultatet av en hashoperation med en viss algoritm alltid är den samma oberoende av längden på det data som skickas in. Detta i kombination med hur en hashfunktion fungerar ger resultatet att ett hashvärde aldrig ska kunna användas för att återskapa originalvärdet.

En hash är alltså inte en form av kryptering. När man krypterar vill man ju kunna återskapa orginalinformationen medan själva poängen med ett hashvärde är att man inte ska kunna det.

Vi hashar ordet tallbarr och får då:
02bfe1b9fc3d4d28186206fafa90b31101e40de6 (SHA-1 / HEX 40 tecken)
b96109556a2abb69ca9cb7f4c70828562ecf93fc1010bad11dd26fc46f17859483f159029c9677dacf569af94daf430105889ab7daddf8b3d35cb916c2009a50
(SHA-512 / HEX 128 tecken)

Vi hashar ordet strängen En mås satte sig i mastens topp och får då:
1e1abac63f0739b9245984f376224a6bb73de302 (SHA-1 / HEX 40 tecken)
b57487426287dc8d6b6554aa561abd0dcccf04f4d62fd1a8d069f6129b7ba90396e2fa3354859ce8ea0271d92308faea7533a5f20b23fe50b0f37313bfb8d2ce
(SHA-512 / HEX 128 tecken)

http://www.sha1-online.com/

Hashoperationer i praktiken


Det finns förstås ett otal sammanhang där hashoperationer görs men just här fokuserar vi på vad som händer när man hashar certifikat med något annat än gamla SHA-1.

Det kommer INTE att fungera i alla sammanhang!

SHA-2 i Net iD


5.0.0.20
Added support for SHA-256 for pkcs11/CSP/minidriver.

5.6.0.30
Fixed SHA-256 certificate enroll with MiniDriver.

6.0.0.10
Added support for all SHA-2 algorithms (SHA-224/256/384/512), SHA-256 was available earlier [LXT-135064].

Windows XP


Prior to Windows XP Service Pack 3, there was no SHA2 functionality within Windows XP. With the release of Service Pack 3 some limited functionality was added to the crypto module rsaenh.dll. This includes the following SHA2 hashes: SHA-256, SHA-384, SHA-512. SHA-224 was not included.

Changes in Windows XP SP3
Windows XP SP3 implements and supports the SHA2 hashing algorithms (SHA256, SHA384, and SHA512) in the X.509 certificate validation. The changes in the certificate validation are meant to enable the scenario of the SSL/TLS authentication. Other scenarios that involve certificate validation may not work if you use certificates that are secured by using the SHA2 algorithms if the protocols and the applications do not support the SHA2 hashing algorithms. For example, the S/MIME signed e-mail verification and the Authenticode signature verification do not support the SHA2 hashing algorithms on a computer that is running Windows XP SP3.

W2003


Windows Server 2003 Service Pack 2 does not ship with support for SHA2. This limitation can become an important concern when processing smart card logons and for mutual TLS authentications to web servers. As unlike other technologies, smart card logon and mutual TLS both use strict revocation checking; so should either the certificate itself or the revocation information (CRL/OCSP) use SHA2, the logon would fail.

Though support SHA2 is not included in Windows Server 2003 Service Pack 2, it is available for download. KB 938397 will bring Windows Server 2003 to the same level of functionality as Windows XP with Service Pack 3. KB 938397 is not available via Windows Update; it needs to be requested via the “View and request hotfix downloads” link on the support page. Note, KB 938397 is also offered for Windows Server 2003 Service Pack 1.

Not


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\<KBArticleNumber>
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB938397

wmic qfe list full >kb.txt

Microsoft


http://blogs.technet.com/b/pki/archive/2010/09/30/sha2-and-windows.aspx

CryptoAPI and Cryptographic Service Providers


Providers associated with Cryptography API (CryptoAPI) are called cryptographic service providers (CSPs). CSPs typically implement cryptographic algorithms and provide key storage. Providers associated with CNG, on the other hand, separate algorithm implementation from key storage.

The following Microsoft CSPs are distributed with Windows Vista and Windows Server 2008.

1)
Microsoft Base Cryptographic Provider v1.0
Secure Hash Algorithm (SHA1) 160/160/160

2)
Microsoft Base DSS and Diffie-Hellman Cryptographic Provider
Secure Hash Algorithm (SHA1) 160/160/160

3)
Microsoft Base DSS Cryptographic Provider
Secure Hash Algorithm (SHA1) 160/160/160

4)
Microsoft Base Smart Card Crypto Provider
Secure Hash Algorithm (SHA1) 160/160/160
Secure Hash Algorithm 256 (SHA256) 256/256/256
Secure Hash Algorithm 384 (SHA384) 384/384/384
Secure Hash Algorithm 512 (SHA512) 512/512/512

5)
Microsoft DH Schannel Cryptographic Provider
Secure Hash Algorithm (SHA1) 160/160/160

6)
Microsoft Enhanced Cryptographic Provider v1.0
Secure Hash Algorithm (SHA1) 160/160/160

7)
Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
Secure Hash Algorithm (SHA1) 160/160/160

8)
Microsoft Enhanced RSA and AES Cryptographic Provider
Secure Hash Algorithm (SHA1) 160/160/160
Secure Hash Algorithm 256 (SHA256) 256/256/256
Secure Hash Algorithm 384 (SHA384) 384/384/384
Secure Hash Algorithm 512 (SHA512) 512/512/512

9)
Microsoft RSA Schannel Cryptographic Provider
Secure Hash Algorithm (SHA1) 160/160/160

10)
Microsoft Strong Cryptographic Provider
Secure Hash Algorithm (SHA1) 160/160/160

This may help:
http://support.microsoft.com/kb/968730
A published fix for an issue with Windows XP and Server 2003 if you use SHA2 algorithms

No.
Only a Vista/Server 2008 or higher client can consume certificates using a SHA256 hash.
A Windows XP SP3 client can validate a certificate using a SHA2 has but cannot actually use the certificate as its own
There are no plans to back port SHA2 functionality top XP/2003
Brian Komar