Developers of the Fedora outlined a plan for disconnecting digital signatures based on SHA-1 algorithm in Fedora Linux 39. Disconnection suggests termination of confidence in the signatures that use Hesh SHA-1 (as quality The minimum supported in digital signatures will be declared the SHA-224), but the conservation of HMAC support with the Sha-1 and the provision of the opportunity to enable Legacy Profile with the Sha-1. After applying the changes, the default library will begin to block the generation and checking the signatures with the Sha-1.
The shutdown is planned to be carried out in several stages: in Fedora Linux 36, SHA-1 signatures will be excluded from the Future policy, a test-fedora39 test policy is provided for disconnecting SHA-1 at the request of the user (update-crypto-poolicies- Set test-Fedora39), when creating and verifying SHA-1 signatures in the log, warnings will be displayed. In the process of preparing the release of Fedora Linux 38, a policy that prohibits the use of signatures based on the Sha-1 will be applied to the form of beta version in the RAWHIDE repository, but this change will not be applied in the beta-issue and release of Fedora Linux 38. In the release of Fedora Linux 39, a policy with the termination of support for SHA-1 signatures will be applied by default.
The proposed plan has not yet been considered by the FESCO committee (Fedora Engineering Steering Committee), which is responsible for the technical part of the development of the Fedora distribution. The cessation of support for SHA-1 signatures is due to an increase in the efficiency of conflict attacks with a given prefix (the cost of collection selection is estimated at several tens of thousands of dollars). In browsers, certificates certified using the Sha-1 algorithm are marked as unprotected since mid-2016.