Fedora Drops SHA-1

The Fedora Linux distribution and related distributions (e.g., CentOS Stream, Red Hat Enterprise Linux) have completely banned SHA-1 from their current versions. Crypto policies are used to regulate which algorithms are permitted on the system and can be used by the individual cryptographic components. However, the DEFAULT policy disables SHA-1 so that crypto components on a system of this type can no longer use SHA-1 to generate or verify digital signatures.

In addition to the problems with older SSH implementations already mentioned, users especially notice this change when they use software packages that still have a SHA-1 signature: You can no longer install them on a Fedora 36 system [8] because the system cannot verify the package signature. The correct approach is to ask the package vendor to sign the software with an algorithm other than SHA-1. In the short term, you can also turn off signature verification for individual transactions:

dnf install --setopt=tsflags=nocrypto foo.rpm

If you prefer to use the RPM package manager to install the package instead, the command is:

rpm -Uhv --nosignature foo.rpm

However, I need to point out explicitly at this point that installing software packages without signature verification is not recommended and endangers the security of the entire system.

Fallback to SHA-1

In a few cases, it may be necessary to make the SHA-1 algorithm available again on a system, at least temporarily. To do so, you use the SHA-1 crypto policy to load the policy in addition to the default:

update-crypto-policies --set DEFAULT:SHA1

However, this process also jeopardizes the security of the entire system because, from now on, all crypto components have access to SHA-1 again.

Conclusions

The funny thing about hash functions is that the original input cannot be calculated from a hash value and, moreover, two different sets of inputs will never result in the same hash value. To be certain, cryptographic methods rely on complex mathematics. However, it is not only errors in the algorithms that invalidate the two basic requirements in some hash methods. Greater compute power can also help crack weak algorithms.

SHA-1 has long been considered insecure, and practical attacks that break the algorithm with relatively little effort have existed for several years. Avoiding SHA-1 and using SHA-2 or SHA-3 instead is therefore highly advisable. Logically, Fedora and other Linux distributions have now completely disabled SHA-1, while still giving users the option to revive the algorithm if needed; however, you seriously need to consider whether you have genuinely compelling reasons for doing so.

The Author

Thorsten Scherf is the global Product Lead for Identity Management and Platform Security in Red Hat's Product Experience group. He is a regular speaker at various international conferences and writes a lot about open source software.