OK, it’s coming. Version 2 of the Secure Hash Algorithm, aka SHA-2, is going to take over sole authentication duty from SHA-1 in 2019. You can read more about this at Windows Support, but I’ll provide the broad strokes of what’s going on here. Long story short: SHA-1 has been around for a long, long time and it’s too weak (and too easily cracked) to remain the primary protection for Windows Update downloads. Hashing is a technique whereby a specific value is calculated from a payload and then compared to the pre-calculated value in the payload. If the two values agree, the assumption is that no tampering or corruption has occurred. But SHA-1 is too vulnerable to continue in use, so SHA-2 is taking over. Here’s part of what the Support Note says (emphasis in bold comes from me):
Customers running legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) will be required to have SHA-2 code signing support installed on their devices by July 2019. Any devices without SHA-2 support will not be offered Windows updates after July 2019. To help prepare you for this change, we will release support for SHA-2 signing in 2019. Some older versions of Windows Server Update Services (WSUS) will also receive SHA-2 support to properly deliver SHA-2 signed updates.
What’s the Timetable?
Starting on March 12, the switchover gets underway (Windows 7 SP1 and Windows Server R2 SP1). Next comes WSUS 3.0 SP2 (standalone Windows Server Update Services) on April 9. On June 18, current Win10 versions — namely, 1709, 1803, and 1809 — get their fix (Insider Preview versions are presumably already there). Then, in July 2019, SHA-2 code signing support must be installed for Windows Update to keep working properly on end-user and other Windows PCs. See the Support Note for the rest of the details.
What’s It All Mean?
If you really want to dig into the details, check out Vincent Lynch’s article at The SSL Store. It’s entitled Re-Hashed: The Difference Between SHA-1, SHA-2, and SHA-256 Hash Algorithms. Among many other things, you’ll learn there that SHA-1 uses a 160-bit hash, and that SHA-2 refers to a family of hash lengths, of which 256 bits is the most popular and widely used. SHA-2 has already been the standard for SSL/TLS certificates since 2016, so you can really understand this move on Microsoft’s part as declaring SHA-1 officially dead, and officially (and completely) moving over to SHA-2 (or SHA-256, if you prefer). Bottom line: SHA-2 in the 256 bit mode offers 106 additional bits’ worth of security which makes it incredibly more difficult and challenging to crack, especially using brute-force methods. You can see this “size difference” in the hex values that Mr. Lynch shows for the SSL certificate hashes for his website, depicted here:
I count somewhere around 25 additional hex digits in the SHA-2 hash as compared to the SHA-1 hash. That’s a difference of 1.27 * 10**30 (which Wikipedia happily tells me is a “nonillion”)!
Mr. Lynch also mentions in his article that he expects SHA-2 at 256 bits to remain usable (that is, safe and secure) for another 5 years or so. His article appeared in November, 2018, so that means we might expect a similar SHA upgrade some time in 2023. OTOH, if a crack or well-known vulnerability comes along sooner, so will the changeover. Stay tuned on that front, please!
Bottom Line: If you’re using Windows 7 or an older version of Windows Server, you really need to make sure your machine has SHA-2 code signing capability by the end of June, 2019. Otherwise you won’t get any more updates, even though it’s six months prior to Win7’s official end-of-life date on 1/14/2020.
Author: Ed Tittel
Ed Tittel is a 30-plus-year computer industry veteran. He’s a Princeton and multiple University of Texas graduate who’s worked in IT since 1981 when he started his first programming job. Over the past three decades he’s also worked as a manager, technical evangelist, consultant, trainer, and an expert witness. See his professional bio for all the details.