Microsoft to Drop Support for 1024-bit Windows RSA Keys

Published: Mar 25, 2024

Key Takeaways:

  • Microsoft is deprecating RSA keys shorter than 2048 bits in Windows so that TLS server authentication no longer relies on weak keys.
  • Internet standards and regulatory bodies disallowed 1024-bit RSA keys in 2013 and require RSA keys of 2048 bits or longer.
  • Microsoft says that organizations relying on legacy software and devices with 1024-bit RSA keys will likely be affected.

Microsoft has announced plans to deprecate RSA keys shorter than 2048 bits in Windows. The company says the step is meant to move organizations off weak keys and onto stronger ones for TLS server authentication.

Rivest-Shamir-Adleman (RSA) is a public-key algorithm: each key pair consists of a public key that anyone may hold and a private key known only to its owner, and the pair supports both encryption and digital signatures. Windows uses RSA keys for a variety of purposes, including TLS server authentication, data encryption, and verifying the integrity of communications and software updates. The security of an RSA key rests on the difficulty of factoring its modulus, so the key length sets how much work an attacker must do to recover the private key.

The reason for the change is that advances in computing power and factoring techniques have eroded the safety margin of short RSA keys. A 1024-bit modulus offers roughly 80 bits of security, below the 112-bit minimum that NIST has required since the end of 2013, whereas a 2048-bit modulus offers about 112 bits. Quantum computing is a separate and longer-term concern: a sufficiently large quantum computer would break RSA at any practical key length, so moving to 2048 bits does not address it, and organizations planning for that threat are looking at post-quantum schemes rather than longer RSA keys.

“Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013, recommending specifically that RSA keys should have a key length of 2048 bits or longer,” Microsoft explained. “This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows.”

Microsoft urges upgrade to 2048-bit RSA Keys

As of this writing, Microsoft has not said when the deprecation will take effect. The change will most likely affect organizations that run legacy software and network-attached devices whose certificates still carry 1024-bit RSA keys.

Microsoft notes that TLS certificates issued by enterprise or test certification authorities (CAs) will not be affected by the deprecation, but it still recommends that customers update those certificates to RSA keys of 2048 bits or longer as well.
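
How to find the certificates this change will catch, as an added example that is not part of Microsoft's announcement or of this article: a PowerShell script that scans a local Windows certificate store for RSA server-authentication certificates below 2048 bits, then opens a TLS session to remote endpoints (the kind of network-attached device mentioned above) and reports the key length they actually present. The function names, the default store path, the 2048-bit threshold as a variable, and the placeholder hostnames are assumptions; the .NET X509 classes used are standard on Windows PowerShell 5.1 and PowerShell 7.

```powershell
# Added example, not code from Microsoft's notice: audit RSA key lengths against
# the 2048-bit floor, both in a local certificate store and on remote TLS endpoints.

$MinimumRsaBits = 2048
$ServerAuthOid  = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth (TLS server authentication EKU)

function Get-RsaKeySize {
    # Returns the RSA modulus length in bits, or $null for non-RSA keys (e.g. ECDSA).
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)
    if ($null -eq $rsa) { return $null }
    try { return $rsa.KeySize } finally { $rsa.Dispose() }
}

function Test-ServerAuthCertificate {
    # True if the certificate is usable for TLS server authentication: it either
    # carries the serverAuth EKU or has no EKU extension at all (no EKU means
    # "valid for any purpose").
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $eku = $Certificate.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if ($null -eq $eku) { return $true }
    return [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $ServerAuthOid })
}

function Find-WeakRsaServerCertificate {
    # Walks the given certificate store(s) and lists RSA server-auth certs below the floor.
    # Default store path is an assumption; pass others (e.g. Cert:\CurrentUser\My) as needed.
    param([string[]]$StorePath = @('Cert:\LocalMachine\My'))
    foreach ($path in $StorePath) {
        Get-ChildItem -Path $path | ForEach-Object {
            $bits = Get-RsaKeySize -Certificate $_
            if ($null -ne $bits -and $bits -lt $MinimumRsaBits -and (Test-ServerAuthCertificate -Certificate $_)) {
                [pscustomobject]@{
                    Store      = $path
                    Subject    = $_.Subject
                    Issuer     = $_.Issuer
                    NotAfter   = $_.NotAfter
                    Thumbprint = $_.Thumbprint
                    KeyBits    = $bits
                }
            }
        }
    }
}

function Get-RemoteServerCertificate {
    # Opens a TLS session to a host and returns the leaf certificate it presents.
    # The validation callback accepts everything because the goal is to inspect
    # the key, not to trust the endpoint; do not reuse this callback elsewhere.
    param([string]$HostName, [int]$Port = 443)
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ param($sender, $cert, $chain, $errors) $true }
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        try {
            $ssl.AuthenticateAsClient($HostName)
            return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $client.Dispose() }
}

function Test-RemoteRsaKeyLength {
    # Reports, per host, whether the presented certificate would pass the 2048-bit floor.
    # Non-RSA certificates are reported but not failed, since the deprecation is RSA-specific.
    param([string[]]$HostName, [int]$Port = 443)
    foreach ($h in $HostName) {
        $cert = Get-RemoteServerCertificate -HostName $h -Port $Port
        $bits = Get-RsaKeySize -Certificate $cert
        $keyType = 'RSA'
        if ($null -eq $bits) { $keyType = 'non-RSA' }
        [pscustomobject]@{
            Host    = $h
            Subject = $cert.Subject
            KeyType = $keyType
            KeyBits = $bits
            Passes  = ($null -eq $bits) -or ($bits -ge $MinimumRsaBits)
        }
    }
}

# Usage. The hostnames are placeholders; replace them with your own devices.
Find-WeakRsaServerCertificate | Format-Table -AutoSize
Test-RemoteRsaKeyLength -HostName 'printer01.corp.example', 'nas01.corp.example' | Format-Table -AutoSize
```

Run the store scan on each Windows host that terminates TLS, and the remote check from any Windows machine against the appliances and legacy servers that clients will connect to; a device that appears in the second list with `Passes` equal to `False` is the one that will stop validating once the deprecation ships, and its certificate (and, where the device generates its own key, its key pair) needs to be reissued at 2048 bits or longer.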