Microsoft is deprecating 1024-bit RSA certificate support in Windows 10 and Windows 11 to boost security

Security padlock

Microsoft has quietly announced plans to deprecate TLS server authentication certificates using RSA keys with key lengths shorter than 2048 bits.

The change means that it will not be possible to use 1024-bit keys, although Microsoft is yet to reveal exactly when the changeover will start. This is important information for companies using aging hardware and software as it will mean weaker keys can no longer be used for authentication.

See also:

Microsoft's deprecation decision comes more than a decade after regulators stopped the use of 1024-bit keys, but the lack of timescale for what is happening for Windows users is likely to cause a degree of concern. As Bleeping Computer suggests, however, as happened with the deprecation of sub-1024-bit keys 12 years ago, there will likely be a more formal announcement followed by a reasonable grace period.

In the latest addition to the list of deprecated features, Microsoft writes:

Support for certificates using RSA keys with key lengths shorter than 2048 bits will be deprecated. Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013, recommending specifically that RSA keys should have a key length of 2048 bits or longer. For more information, see Transitioning of Cryptographic Algorithms and Key Sizes - Discussion Paper (nist.gov). This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows.

The company goes on to say: "TLS certificates issued by enterprise or test certification authorities (CA) aren't impacted with this change. However, we recommend that they be updated to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to preserve security of Windows customers using certificates for authentication and cryptographic purposes".

Image credit: Wayne Williams

Comments are closed.

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.