Article Details
Scrape Timestamp (UTC): 2024-03-18 19:54:16.765
Original Article Text
Microsoft announces deprecation of 1024-bit RSA keys in Windows
Microsoft has announced that RSA keys shorter than 2048 bits will soon be deprecated in Windows Transport Layer Security (TLS) to provide increased security.
Rivest–Shamir–Adleman (RSA) is an asymmetric cryptography system that uses pairs of public and private keys to encrypt data, with the strength directly related to the length of the key. The longer these keys, the harder they are to crack. 1024-bit RSA keys have approximately 80 bits of strength, while the 2048-bit key has approximately 112 bits, making the latter take four billion times longer to factor. Experts in the field consider 2048-bit keys safe until at least 2030.
RSA keys are used in Windows for several purposes, including server authentication, data encryption, and ensuring the integrity of communications. Microsoft's decision to move the minimum requirement for RSA keys to 2048 bits or longer for certificates used in TLS server authentication is important to protect organizations from weak encryption.
"Support for certificates using RSA keys with key lengths shorter than 2048 bits will be deprecated," reads the new entry in Microsoft's list of deprecations. "Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013, recommending specifically that RSA keys should have a key length of 2048 bits or longer."
"This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows."
Unfortunately, this move will likely impact organizations using older software and network-attached devices, such as printers, that utilize 1024-bit RSA keys, preventing them from authenticating with Windows servers.
While Microsoft has not specified precisely when the deprecation will begin, it will likely involve a formal announcement followed by a grace period, as we saw with the deprecation of keys under 1024 bits in 2012. During this grace period, Windows administrators can configure logging to determine what devices are attempting to connect using older keys and will be impacted by this change.
To minimize problems, Microsoft has decided to limit the scope of impact so as not to affect TLS certificates issued by enterprise or test certification authorities. However, the tech giant strongly recommends that organizations transition to RSA keys of 2048 bits or longer as soon as possible as part of following best security practices.
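An added example, not from Microsoft or the original article: one way to inventory certificates ahead of the deprecation is to read the RSA modulus length directly from each certificate's DER encoding and flag anything under 2048 bits. The device names and the `sample_cert` inputs are constructed for illustration; the parser assumes well-formed DER.

```python
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption
MIN_BITS = 2048                                # minimum stated in the article

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        out.append((tag, val))
    return out

def rsa_key_bits(cert_der):
    """Return the RSA modulus length in bits, or None for a non-RSA key."""
    tbs = children(children(tlv(cert_der, 0)[1])[0][1])
    tbs = tbs[1:] if tbs[0][0] == 0xA0 else tbs  # drop optional [0] version field
    spki = children(tbs[5][1])  # after serial, sigalg, issuer, validity, subject
    if children(spki[0][1])[0][1] != RSA_OID:
        return None
    rsa_pub = children(tlv(spki[1][1][1:], 0)[1])  # skip BIT STRING unused-bits byte
    return int.from_bytes(rsa_pub[0][1], "big").bit_length()

def verdict(cert_der):
    """Classify one DER certificate as 'weak', 'ok' or 'not-rsa'."""
    bits = rsa_key_bits(cert_der)
    return "not-rsa" if bits is None else "weak" if bits < MIN_BITS else "ok"

def der(tag, body):
    """Encode one DER element (used only to build the constructed samples)."""
    n, k = len(body), (len(body).bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")) + body

def sample_cert(bits, oid=RSA_OID):
    """Constructed input: certificate-shaped DER skeleton, not a real signed cert."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    key = der(0x30, der(0x02, n) + der(0x02, b"\x01\x00\x01"))
    spki = der(0x30, der(0x30, der(0x06, oid) + der(0x05, b"")) + der(0x03, b"\x00" + key))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + der(0x30, b"") * 4 + spki)
    return der(0x30, tbs + der(0x30, b"") + der(0x03, b"\x00"))

if __name__ == "__main__":
    for name, cert in {"printer-01": sample_cert(1024), "web-01": sample_cert(2048)}.items():
        print(name, verdict(cert))
```

A PEM certificate exported from a device can be converted with the standard library's `ssl.PEM_cert_to_DER_cert` before being passed to `verdict`.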
Daily Brief Summary
Microsoft is deprecating RSA keys under 2048 bits in Windows TLS to enhance security.
RSA cryptography relies on key length for strength, with 2048-bit keys being substantially more secure than 1024-bit keys.
The deprecation targets TLS server authentication certificates, aligning with internet standards that have discouraged 1024-bit keys since 2013.
Organizations using older software or devices with 1024-bit RSA keys will need to update to maintain authentication with Windows servers.
Microsoft has yet to announce a specific start date for the deprecation but plans to provide a transition period for affected Windows administrators.
Enterprise and test certification authority-issued TLS certificates are exempt from the impact to avoid widespread issues.
Microsoft advises organizations to adopt RSA keys of 2048 bits or longer promptly in line with best security practices.