Microsoft has announced that RSA keys shorter than 2048 bits will soon be deprecated in Windows Transport Layer Security to provide increased security.
Rivest-Shamir-Adleman is an asymmetric cryptography system that uses pairs of public and private keys to encrypt data, with the strength directly related to the length of the key.
The longer these keys, the harder they are to crack.
1024-bit RSA keys have approximately 80 bits of strength, while 2048-bit keys have approximately 112 bits, so the latter take roughly four billion times longer to factor.
Experts in the field consider 2048-bit keys safe until at least 2030.
RSA keys are used in Windows for several purposes, including server authentication, data encryption, and ensuring the integrity of communications.
Microsoft's decision to move the minimum requirement for RSA keys to 2048 bits or longer for certificates used in TLS server authentication is important to protect organizations from weak encryption.
This move will likely impact organizations using older software and network-attached devices, such as printers, that utilize 1024-bit RSA keys, preventing them from authenticating with Windows servers.
While Microsoft has not specified precisely when the deprecation will begin, it will likely involve a formal announcement followed by a grace period, as we saw with the deprecation of keys under 1024 bits in 2012.
During this grace period, Windows administrators can configure logging to determine which devices are attempting to connect using older keys and will be impacted by this change.
To minimize problems, Microsoft has decided to limit the scope of impact so as not to affect TLS certificates issued by enterprise or test certification authorities.
The tech giant strongly recommends that organizations transition to RSA keys of 2048 bits or longer as soon as possible as part of following best security practices.
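One way to find affected certificates ahead of the change, as an added example that is not from Microsoft or the original article: a PowerShell audit of local machine certificate stores for RSA certificates under 2048 bits that can be used for TLS server authentication. The store paths are assumptions; the Issuer column is included so you can judge whether a certificate comes from an enterprise or test certification authority.

```powershell
# Added example: list RSA certificates below 2048 bits that are usable for TLS server authentication.
# Assumption: the stores below are the ones of interest on this host; adjust as needed.
$minBits       = 2048
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth (TLS server authentication EKU)
$stores        = 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\WebHosting'
$ekuType       = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$rsaExt        = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]

$findings = foreach ($store in $stores) {
    if (-not (Test-Path $store)) { continue }          # store may not exist on every host
    foreach ($cert in Get-ChildItem -Path $store) {
        # GetRSAPublicKey returns $null for non-RSA certificates (for example ECDSA).
        $rsa = $rsaExt::GetRSAPublicKey($cert)
        if ($null -eq $rsa) { continue }
        $bits = $rsa.KeySize
        $rsa.Dispose()

        # A certificate without an EKU extension is not restricted to any purpose,
        # so it is treated here as usable for server authentication.
        $eku = $cert.Extensions | Where-Object { $_ -is $ekuType }
        $serverAuth = (-not $eku) -or ($eku.EnhancedKeyUsages.Value -contains $serverAuthOid)

        if ($serverAuth -and $bits -lt $minBits) {
            [pscustomobject]@{
                Store      = $store
                Subject    = $cert.Subject
                Issuer     = $cert.Issuer
                KeyBits    = $bits
                NotAfter   = $cert.NotAfter
                Thumbprint = $cert.Thumbprint
            }
        }
    }
}

if ($findings) {
    $findings | Sort-Object NotAfter | Format-Table -AutoSize
} else {
    Write-Output "No RSA server-authentication certificates under $minBits bits found."
}
```

The script only reads the stores, and it covers certificates installed on the host it runs on, not those presented by remote devices such as printers.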
This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 18 Mar 2024 19:55:56 +0000