Microsoft: As of October, 1024-Bit Certs Are the New Minimum
way2trivial writes with this snippet from Information Week about a warning from Microsoft reminding Windows administrators that an update scheduled for October 9th will require a higher standard for digital certificates. "That warning comes as Microsoft prepares to release an automatic security update for Windows on Oct. 9, 2012, that will make longer key lengths mandatory for all digital certificates that touch Windows systems. ... Internet Explorer won't be able to access any website secured using an RSA digital certificate with a key length of less than 1,024 bits. ActiveX controls might be blocked, users might not be able to install applications, and Outlook 2010 won't be able to encrypt or digitally sign emails, or communicate with an Exchange server for SSL/TLS communications."
TechRepublic noted this a while ago and provided detailed instructions on how to work around the issue.
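An administrator preparing for the update described above can list the certificates that would fall under the new minimum. The script below is an added example, not code from the article, Microsoft or TechRepublic; the function name `Get-RsaKeyBits` and the variable `$MinBits` are hypothetical, and it only reads the local certificate stores.

```powershell
# Added example: audit Windows certificate stores for RSA keys below 1024 bits.
# Read-only. Assumes Windows with .NET Framework 4.6+ or PowerShell 7.
$MinBits = 1024   # minimum RSA key length stated in the article

function Get-RsaKeyBits {
    # Hypothetical helper: returns the RSA key size in bits, or $null when the
    # certificate is not RSA (DSA, ECDSA) or its public key cannot be decoded.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    try {
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Cert)
        if ($null -eq $rsa) { return $null }
        try { return $rsa.KeySize } finally { $rsa.Dispose() }
    } catch {
        return $null
    }
}

# Cert:\ -Recurse walks every store under CurrentUser and LocalMachine.
# The provider also emits store and location objects, which are skipped.
$weak = foreach ($item in Get-ChildItem -Path Cert:\ -Recurse -ErrorAction SilentlyContinue) {
    if ($item -isnot [System.Security.Cryptography.X509Certificates.X509Certificate2]) { continue }
    $bits = Get-RsaKeyBits -Cert $item
    if ($null -ne $bits -and $bits -lt $MinBits) {
        [pscustomobject]@{
            Store      = $item.PSParentPath -replace '^.*::', ''   # e.g. LocalMachine\Root
            Subject    = $item.Subject
            Issuer     = $item.Issuer
            KeyBits    = $bits
            NotAfter   = $item.NotAfter
            Thumbprint = $item.Thumbprint
        }
    }
}

if ($weak) {
    $weak | Sort-Object Store, KeyBits | Format-Table -AutoSize -Wrap
} else {
    Write-Output "No RSA certificates below $MinBits bits found in the local stores."
}
```

This covers only certificates installed on the machine it runs on; certificates presented by remote servers or embedded in signed files need to be checked separately.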
"Maybe this world is another planet's hell"
Aldous Huxley
No matter how few people actually read through the Linux kernel code, it's sufficiently open that blatant backdoors are not going to be inserted.
Open source suffers from quasi-religious stuff too, as you just demonstrated with your claim. Ken Thompson, of Bell Labs and Unix and C fame - the "K" in K&R, demonstrates the insufficiency of being able to read the source code.
http://cm.bell-labs.com/who/ken/trust.html
You say that like it is simple. It isn't. There are people who expect their machines to work. They expect wireless, sleep, hibernate, 4G dongles, etc. to work in order to do business. They expect dock / undock with multiple large monitors to work. They have applications - thousands of them that they would have to re-write. If you think about it for all of 5 seconds you'd see that Linux either doesn't work well in many of these scenarios (it does on some machines, not so well on others) and the costs to switch would be enormous. Just switch. Jeez. How about you just switch your body's metabolism to run on tree bark? That would work just as well.
Nice weasel word there. Blatant. What makes you think that if there are backdoors in Windows they're blatant?
Think back to the AARD code, they went way out of their way to obfuscate it. Microsoft would not be so stupid as to put a well commented backdoor in there.
Of course, I'm sure someone will bring up the NSAKEY incident, which various security researchers (such as Bruce Schneier) have dismissed as merely allowing the NSA to install their own key for their internal systems without having to have MS sign it.
You do know that backdoors have been inserted into Linux distros in the past, and some of them took a great deal of time to be discovered. Then of course, one never really knows if a security vulnerability is intentional or not (on any platform).
There have also been some near calls as well in the kernel itself. For instance, who remembers this doozy?
http://www.securityfocus.com/news/7388
Yes, it was caught, but not because of "many eyes". It was because the attacker chose to try to modify the version control file directly. Had it gone in by some other means, it may not have been caught at all.
The website was hacked. The Linux source was not compromised.
1024 was selected because this will not affect any US corporations, who always used 1024 bit certificates. Lower bit lengths were only ever offered because US export law would not allow high strength encryption products to be exported from the US, so MS and others shipped a lot of crippled copies of Windows NT, 95, 98 and maybe even Windows 2000 to customers outside the US.
smart/feature phones
There's your biggest drawback to the 1k keysize. How many of them can handle more than that? Simply put, it's the U.S. telcos that aren't able to handle anything larger as everyone else offers phones that can handle 2k+ certs.
Mod me up/Mod me down: I won't frown as I've no crown
The "K" of K&R is wrong.
"K" is Brian Kernighan. You know, the Brian Kernighan of "The C Programming Language" fame. He wrote a book or two. He's quite famous. Maybe you've heard of him.
Look it up.
Grandpa: My Homer is not a communist. He may be a liar, a pig, an idiot, a communist, but he is not a porn star.
I don't know about you, but I went to school. I see a factor of 10 between 1 and 10.
Have a look at
http://en.wikipedia.org/wiki/Birthday_problem
A group of just 23 people is required to get a 50% probability two people will have the same birthday, despite there being 366 different days in the year. 57 for 99% probability. That equates to: a 6.3% change hits 50% probability, and 15.5% hits 99%.
If moving to 2048 bits makes 15% of the certs in use invalid, the vast majority of your users will be affected.
As everyone moves to 2048 bit keys
Palm trees and 8
When I say cost, cost is not always in financial terms (though I suppose these do have financial impacts too). Processing 2048 bit encryption is more expensive processor-wise than 1024 bit. Higher bit keys mean you are sacrificing performance/CPU/battery in order to utilise better security. The more SSL negotiations you require in your device/app/webpage etc., the higher this cost is. If better security isn't required then that sacrifice may not be worthwhile in some scenarios.
True. ECC is definitely the way forward. NSA has already switched all their systems to it and the DoD mandated that all systems must switch from conventional public keys to ECC by 2010 (2 years ago). Whit Diffie said that NSA insiders told him the same thing (i.e. they trust ECC more). This has led some to speculate there is an unpublished (NSA discovered) weakness with RSA (a speculation which may have some merit according to James Bamford, who in his infamous Wired article claims NSA "made a huge breakthrough in cryptanalysis a few years ago." Bamford didn't give specifics because his contacts didn't give specifics, but it seems much more likely they have broken RSA than the much more difficult AES (breaking RSA would give you the keys to the AES kingdom since AES keys are protected by RSA in hybrid systems like PGP/SSL. Break RSA and you have access to the AES key underneath)).
It's all speculation about RSA having flaws. Maybe NSA broke AES instead. Maybe they broke both. Maybe they have "broken" it in the sense of a novel side-channel attack. Maybe the insiders lied to Bamford for disinformation purposes. We don't know. Either way, ECC is better all around due to its reduced key size and at least as strong security. The problem is even though it is in the OpenPGP standard, it will not be in widespread use for many years yet. Werner Koch, the lead developer of GNUPG, says it will take many years for it to become widespread due to all the legacy systems, old software, people not upgrading, etc. There are many software implementations of OpenPGP, and not all of them will include ECC at the same rate. Plus lots of people have RSA keys with lots of signatures and they aren't going to want to go through all of those key signing parties again.