Google Chrome browser has been warning frequently recently: What’s going on?

Recently, if you use Chrome browser to visit many domestic websites, such as exmail.qq.com, you may notice a dialog box like this:

What does this mean? Is the access link not private?

I checked my email and it has lost its privacy. What should I do with the photos in it? I had no privacy when I repaired computers before, and now I have no privacy when I surf the Internet. Am I going to be famous again?

Wait, something seems wrong here: What exactly is web privacy? Why am I being asked this question? Didn’t I already enter my password to log in?

Let me start from the beginning.

1. How did HTTPS (Secure Hypertext Transfer Protocol) come about?

In 1997, when CERN invented the HTTP protocol and used it for the World Wide Web, it was only to create a platform for sharing data within the academic community, and did not think too much about the security of transmission. After all, the network scale was very small at that time, and not everyone could afford computers and expensive network equipment.

They certainly didn't expect that the World Wide Web would become a universal platform for information transmission, and some people even went so far as to provide services such as web email and online banking on it. Such services have very strict requirements on security and privacy, because basically no one wants their bank passwords or private emails to be seen by third parties during transmission.

So here comes the problem. HTTP is transmitted in plain text, but it does support password authentication. Unfortunately, the password is also transmitted in plain text.

In response to this situation, HTTPS was born with the efforts of a group of scientists at Netscape, especially Dr. Taher Elgamal (known as the father of SSL).

In HTTPS, all transmitted data is encrypted, so third parties cannot obtain any useful data during the data transmission process, and the privacy of data transmission is naturally guaranteed.

At least that's how it was designed.

HTTPS is not a new protocol. It is based on HTTP with SSL (Secure Sockets Layer) or later TLS (Transport Security Protocol). SSL/TLS works under HTTP and is responsible for encrypting all transmitted data.

As an aside, at that time, not only HTTP, but also many upper-layer protocols of the Internet, namely application layer protocols, STMP email protocol and the like, were mostly transmitted in plain text, while mobile Internet or other networks were all based on some standard protocols, namely the TCP/IP protocol suite.

In the early days, these protocols were jointly developed by experts in the Internet field, just like the process of making laws today. However, after actual verification, their imprecision was gradually discovered, so people continued to update them based on the previous ones, and that is how SSL/TLS came into being.

Since SSL/TLS works between the TCP layer and the application layer, it can encrypt any application layer protocol, including STMP. From this perspective, Netscape's contribution to the Internet is actually very far-reaching.

HTTPS uses an asymmetric algorithm to exchange keys. This is also a very sophisticated algorithm. Interested students can

For example, as shown in the picture above, there is actually no audit record, but the warning mark has been removed, which shows that Google itself knows that the current whitelist coverage is very poor, and generally no records can be found, and no specific warning mark will be added.

So, you can ignore it for now.

The key is the second one:

This site uses a weak security configuration (SHA-1 signature), so your connection may not be private.

This is more interesting.

It's still about the police ID. To get a police ID, besides stealing/cheating/sneaking into the Ministry of Public Security to make a real one, you can also make a fake one.

For digital certificates, the most important part for identifying authenticity is the digital signature. However, since digital certificates are generally not small, it is impossible to sign every byte. Generally speaking, a hash value of the digital certificate is signed.

If you don't know what a hash is, let me give you an analogy. If you are a digital certificate, then your photo is your hash.

It contains the following two conditions:

- Through appropriate means, your photo can be created from you, but you cannot be created from the photo. In other words, you must exist before there can be a photo.

- Only you can accurately produce your photos, no one else can. You are unique, and your characteristics are unique to you.

So if you want to check a person's police ID, you just need to see if the photo matches the person (the hash value matches) and whether the interline stamp on the photo matches (digital signature). However, this interline stamp only needs to be stamped on the photo, not on the officer's face.

Of course I know this metaphor has a lot of academic imprecision, but it is one of the easiest to understand metaphors I can find so far.

In digital certificates, SHA-1 is a common hash algorithm that can generate a unique value (photo) for your digital certificate, just like a camera.

However, there is a problem with this algorithm. Because this function was designed too early, its robustness is too weak, which means that it is possible to generate the same value using two different digital certificates.

It's like if you had a camera that takes ID photos, but this magical camera takes photos so blurry that through special settings, another person can take an identical photo of the real police officer.

Congratulations, if you discover this setting, you can make fake police officer ID cards on a large scale.

This phenomenon is called a "collision" in hash functions.

For the SHA-1 algorithm, if you want to find this "special setting", it will take about 2 to the 74th power of operations. Some papers also point out that it only takes 2 to the 61th power of operations to complete. This was unimaginable when SHA-1 was invented, and it is actually not feasible now. However, according to the current development speed of computers, it can be cracked in theory by 2018 using a reasonably priced server cluster (see here ).

Therefore, Chrome believes that any hash function using SHA-1 is potentially unsafe, so it will issue warnings for all website certificates using SHA-1, and urge all websites using SHA-1 to switch to SHA-2.

However, please note that this is only potentially insecure. Currently, there is no feasible and reliable SHA-1 collision algorithm.

Therefore, these websites are safe for the time being, but we also hope that webmasters will raise their security awareness, because SHA-1 is very close to being "cracked". It is very likely that the above situation will occur: someone will find a collision algorithm or crack it, and then make a fake police officer ID.

Because of my work, Opera is a member of the Chromium security team, so I know more about this. If you are interested, you can go and have a look at the quarrel in the discussion group. I have taken a screenshot and posted it here:

As a winner of Toutiao's Qingyun Plan and Baijiahao's Bai+ Plan, the 2019 Baidu Digital Author of the Year, the Baijiahao's Most Popular Author in the Technology Field, the 2019 Sogou Technology and Culture Author, and the 2021 Baijiahao Quarterly Influential Creator, he has won many awards, including the 2013 Sohu Best Industry Media Person, the 2015 China New Media Entrepreneurship Competition Beijing Third Place, the 2015 Guangmang Experience Award, the 2015 China New Media Entrepreneurship Competition Finals Third Place, and the 2018 Baidu Dynamic Annual Powerful Celebrity.