Microsoft says “No!” to insecure certificate practices

Patch Tuesday is here, and I’d like to draw your attention to a broader policy decision Microsoft will be deploying next Patch Tuesday (October).

The strength of digital certificates is something I frequently write about here on Naked Security because I believe we all too often fall back to the lowest common denominator. Microsoft’s market dominance means that, like it or not, they are somewhat responsible for establishing the minimum accepted practice.

Beginning in October, Windows computers consuming updates directly from Microsoft will no longer accept digital certificates that are signed with RSA keys smaller than 1024 bits.

This includes SSL certificates, Authenticode code signing certificates, email certificates, and any other certificates validated by the Windows Crypto APIs.

Why is this so important? It may break old applications, but it sets a new minimum standard that everyone should have adopted long ago.

The problem is many organizations got stuck in time and have not increased their key strength as flaws have been found and computing power has increased.

512-bit RSA keys were factored in 1999, while RSA 768 was factored in 2009. The reasonable conclusion is that keys of these sizes are no longer safe from snooping and need to be retired.

If you are an organization that still uses these keys, you may need to hold off on deploying this update, but is that really a good idea?

Perhaps this is a blessing in disguise, as anything you are “protecting” with weak RSA certificates isn’t in fact protected at all. You ought to have fixed this situation, and the Microsoft update offers a golden opportunity if you haven’t already done so.
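To find out whether a Windows machine still holds certificates that fall under the new minimum, the PowerShell below (an added example, not code from Microsoft or from the original article) walks the local certificate stores, builds each certificate's chain, and reports every RSA key shorter than 1024 bits, including weak keys on issuing CAs. The function name, parameters and output fields are made up for this example, and it assumes .NET Framework 4.6 or later for `GetRSAPublicKey`.

```powershell
# Added example: list certificates whose own RSA key, or an RSA key further up
# their chain, is shorter than $MinBits. Names here are hypothetical.
function Find-WeakRsaCertificate {
    param(
        [int]$MinBits = 1024,
        [string]$StorePath = 'Cert:\'   # e.g. 'Cert:\LocalMachine\My' to narrow the scan
    )
    $seen = @{}   # thumbprint -> $true, so a CA shared by many chains is reported once

    Get-ChildItem -Path $StorePath -Recurse |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        ForEach-Object {
            $leaf  = $_
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
            # Only key sizes matter here, so skip CRL/OCSP lookups.
            $chain.ChainPolicy.RevocationMode = 'NoCheck'
            [void]$chain.Build($leaf)   # result ignored; we only want the chain elements

            $certs = @($chain.ChainElements | ForEach-Object { $_.Certificate })
            if ($certs.Count -eq 0) { $certs = @($leaf) }

            foreach ($c in $certs) {
                if ($seen.ContainsKey($c.Thumbprint)) { continue }
                $seen[$c.Thumbprint] = $true
                # Returns $null for non-RSA keys (for example ECDSA), which are out of scope.
                $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($c)
                if ($rsa -and $rsa.KeySize -lt $MinBits) {
                    [pscustomobject]@{
                        KeyBits    = $rsa.KeySize
                        Subject    = $c.Subject
                        Issuer     = $c.Issuer
                        Thumbprint = $c.Thumbprint
                        NotAfter   = $c.NotAfter
                        FoundVia   = $leaf.PSPath   # store item whose chain led to this key
                    }
                }
            }
            $chain.Dispose()
        }
}

Find-WeakRsaCertificate -MinBits 1024 | Sort-Object KeyBits | Format-Table -AutoSize
```

A row whose `Subject` differs from the certificate named in `FoundVia` is a weak CA key: the end-entity certificate may have a long key of its own and still be signed with a short one.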

If the data really *does* need protection it is time to raise the bar. 1024 bits is nice, but realistically there is no good reason not to bump it up to 4096. If it isn’t sensitive to begin with, why are you using public key cryptography? It’s needless complexity.

The way I like to think of it is similar to the way I think about people using WEP to protect their wireless networks. If an access point is unprotected, I assume that is intentional.

If it is protected with WPA2, I assume whoever controls it wants privacy and security. If it is protected with WEP, I assume that they want privacy and security and have no idea that they don’t have it.

Don’t be a WEP. Wave goodbye to keys <1024 bits with me and sail away into a more secure future.

Shield with check mark image courtesy of Shutterstock.