Microsoft deprecates certificates using RSA keys shorter than 2048 bits and this is very good for users

However, the deprecation won't affect companies.


After it announced that it would deprecate Windows Subsystem for Android and Visual Studio App Center, Microsoft will also deprecate certificates using RSA keys with key lengths shorter than 2048 bits, according to the latest addition to its list of deprecated items.

The Redmond-based tech giant hasn’t specified an exact date, and while it might sound like bad news (in light of the other deprecations), the decision is actually quite good for users.

Here’s why:

RSA keys are used for secure communication on the Internet, and the certificates are used to prove that a website is secure and legitimate. The length of an RSA key matters for security: shorter keys are weaker and easier to crack, while longer keys are stronger and slower to process.

Due to this deprecation, certificates with RSA keys shorter than 2048 bits will no longer be supported, and this means Windows devices will be better secured from now on.

Support for certificates using RSA keys with key lengths shorter than 2048 bits will be deprecated. Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013, recommending specifically that RSA keys should have a key length of 2048 bits or longer. For more information, see Transitioning of Cryptographic Algorithms and Key Sizes – Discussion Paper (nist.gov). This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows.

Microsoft

Companies won’t be impacted by the deprecation, but this doesn’t mean they shouldn’t update: Microsoft highly recommends that they move to stronger keys as a safety measure:

TLS certificates issued by enterprise or test certification authorities (CA) aren’t impacted with this change. However, we recommend that they be updated to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to preserve security of Windows customers using certificates for authentication and cryptographic purposes.

Microsoft
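To find certificates that fall under the 2048-bit floor described above, the following PowerShell audit (an added example, not code from Microsoft or Windows Report) lists RSA certificates usable for TLS server authentication whose keys are shorter than 2048 bits. The stores it scans are an assumption; the Issuer column helps tell enterprise or test CA certificates apart from publicly issued ones.

```powershell
# Added example: audit local certificate stores for RSA keys below 2048 bits.
$MinBits       = 2048
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth (TLS server authentication)
# Assumption: these are the stores worth auditing on this machine.
$Stores        = 'Cert:\LocalMachine\My', 'Cert:\CurrentUser\My'

function Test-ServerAuthUsage {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    # A certificate without an EKU extension is not restricted to any purpose,
    # so it can still be presented for server authentication.
    if (-not $eku) { return $true }
    return [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $ServerAuthOid })
}

$weak = foreach ($store in $Stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue | ForEach-Object {
        # GetRSAPublicKey returns $null for non-RSA (for example ECDSA) certificates.
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($_)
        if ($rsa -and $rsa.KeySize -lt $MinBits -and (Test-ServerAuthUsage $_)) {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                KeyBits    = $rsa.KeySize
                NotAfter   = $_.NotAfter
                Thumbprint = $_.Thumbprint
            }
        }
    }
}

if ($weak) {
    $weak | Sort-Object KeyBits, NotAfter | Format-Table -AutoSize
} else {
    Write-Output "No RSA server-authentication certificates below $MinBits bits found."
}
```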

It is highly recommended to keep up with the latest advances in cybersecurity, as threat actors are using more advanced methods, such as AI, to compromise organizations.