Microsoft deprecates certificates using RSA keys shorter than 2048 bits and this is very good for users
However, the deprecation won't affect companies.
2 min. read
Published on
Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more
After it announced that it would deprecate Windows Subsystem for Android, and Visual Studio App Center, Microsoft will also deprecate certificates using RSA keys with key lengths shorter than 2048 bits will be deprecated, according to the latest addition to its list of deprecated items.
While the Redmond-based tech giant hasn’t specified an exact date, it’s safe to assume the company is deprecating this support, and while it might sound like bad news (in light of the other deprecations), the decision is actually quite good for users.
Here’s why:
RSA keys are used for secure communication on the Internet, and the certificates are used to prove that a website is secure and legitimate. The length of an RSA key matters for security: shorter keys are weaker and easier to crack, while longer keys are stronger and slower to process.
Due to this deprecation, certificates with RSA keys shorter than 2048 bits will no longer be supported, and this means Windows devices will be better secured from now on.
Support for certificates using RSA keys with key lengths shorter than 2048 bits will be deprecated. Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013, recommending specifically that RSA keys should have a key length of 2048 bits or longer. For more information, see Transitioning of Cryptographic Algorithms and Key Sizes – Discussion Paper (nist.gov). This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows.
Microsoft
However, companies won’t be impacted by the deprecation, but this doesn’t mean they shouldn’t update, and Microsoft highly recommends they should update to stronger keys as a safety measure:
TLS certificates issued by enterprise or test certification authorities (CA) aren’t impacted with this change. However, we recommend that they be updated to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to preserve security of Windows customers using certificates for authentication and cryptographic purposes.
Microsoft
It is highly recommended to keep up with the latest advances when it comes to cybersecurity, as threat actors are using more advanced ways, such as AI, to compromise organizations.
User forum
0 messages