Microsoft has announced that RSA keys shorter than 2048 bits will soon become obsolete in Windows Transport Layer Security (TLS) to ensure increased security.
Rivest-Shamir-Adleman (RSA) is an asymmetric encryption system that uses pairs of public and private keys to encrypt data, the strength of which directly depends on the key length. The longer these keys are, the harder they are to crack.
1024-bit RSA keys are roughly equivalent in security level to 80-bit symmetric algorithm keys, while a 2048-bit key is roughly equivalent to a 112-bit symmetric key. This makes it 4 billion times longer to decompose. Industry experts consider 2048-bit keys secure at least until 2030.
RSA keys are used in Windows for various purposes, including server authentication, data encryption, and ensuring communication integrity. Microsoft's decision to change the minimum requirement for RSA keys to 2048 bits or more for certificates used in TLS server authentication is important in protecting organizations from weak encryption.
This move is likely to impact organizations using outdated software and network devices, such as printers using 1024-bit RSA keys. Therefore, they will lose the ability to authenticate to Windows servers.
Microsoft did not specify when support for 1024-bit RSA keys will end in Windows. It is likely that the corporation will provide a transitional period, as was the case with the discontinuation of support for keys up to 1024 bits in 2012. During this grace period, Windows administrators can configure logging to identify which devices are attempting to connect using old keys and how this change will affect them. At the same time, Microsoft strongly recommends that organizations transition to RSA keys of 2048 bits or longer as soon as possible.
Source: bleepingcomputer
Comments (0)
There are no comments for now