Microsoft leads the way, setting new cryptographic defaults


While yesterday was Patch Tuesday, Microsoft didn’t just release fixes for security vulnerabilities. It also announced moves to improve the cryptographic integrity of Windows as a platform.

First, Microsoft officially began discontinuing the use of the RC4 cipher. With the introduction of Windows 8.1 and Internet Explorer 11, MS products now default to TLS 1.2 and support for the RC4 cipher has been dropped.

The use of RC4 has been a bit controversial as it has many known weaknesses and calls for its retirement have been discussed for some time.

The problem is that stream ciphers like RC4 were one of the primary defenses used by many websites against the infamous BEAST and Lucky Thirteen attacks.

Fortunately TLS 1.2 and AES-GCM are not vulnerable to these attacks and can now officially be considered mainstream.

Not running Windows 8.1 with Internet Explorer 11? Google Chrome, Firefox, Safari and Opera also support TLS 1.2.

Microsoft also provides a mechanism to disable the use of RC4 in Windows 7, 8, RT, Server 2008 R2 and Server 2012.

With Microsoft on board, hopefully we can bid goodbye to old versions of SSL and TLS for good.

Microsoft’s second announcement was that beginning on January 1, 2016 Windows will no longer support the use of X.509 certificates issued using the SHA-1 hashing algorithm for SSL and software code signing.

This is a welcome proactive move by Microsoft after having been burned when MD5 certificates were abused through a collision in the Flame malware last year.

MD5 was considered weak for many years, but was still supported by Windows because many certificate authorities were lax in updating and were still issuing valid MD5 certificates long after they should have stopped.

Microsoft seems to realize its job is to use its dominant market presence to lead, not follow. While SHA-1 is significantly stronger than MD5 was when it was dropped, Microsoft is dropping support before it is abused.

Be sure your certificates are using SHA-2 from here forward and when you renew your certificates make sure your Certificate Authority isn’t setting you up to fail in January 2016.