Microsoft: As of October, 1024-Bit Certs Are the New Minimum
way2trivial writes with this snippet from Information Week about a warning from Microsoft reminding Windows administrators that an update scheduled for October 9th will require a higher standard for digital certificates. "That warning comes as Microsoft prepares to release an automatic security update for Windows on Oct. 9, 2012, that will make longer key lengths mandatory for all digital certificates that touch Windows systems. ... Internet Explorer won't be able to access any website secured using an RSA digital certificate with a key length of less than 1,024 bits. ActiveX controls might be blocked, users might not be able to install applications, and Outlook 2010 won't be able to encrypt or digitally sign emails, or communicate with an Exchange server for SSL/TLS communications."
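An audit an administrator could run before the update lands, as an added example that is not part of the quoted article or of Microsoft's update: it walks every local certificate store, including the intermediate CA stores, and lists RSA certificates whose key is shorter than 1,024 bits. The function name `Get-WeakRsaCertificate` and its parameters are hypothetical, and .NET Framework 4.6 or later is assumed for `RSACertificateExtensions`.

```powershell
# Added example: find RSA certificates below the 1,024-bit minimum from the summary.
# Get-WeakRsaCertificate is a hypothetical helper name, not a built-in cmdlet.
function Get-WeakRsaCertificate {
    param(
        [string]$StorePath   = 'Cert:\',   # all store locations (CurrentUser, LocalMachine)
        [int]   $MinimumBits = 1024        # threshold from the article; use 2048 for a stricter audit
    )

    Get-ChildItem -Path $StorePath -Recurse |
        # The provider also returns store and store-location objects; keep certificates only.
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        ForEach-Object {
            $cert = $_
            try {
                # Returns $null for non-RSA certificates (ECDSA, DSA), which are skipped.
                $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
                if ($rsa -and $rsa.KeySize -lt $MinimumBits) {
                    [pscustomobject]@{
                        Store      = $cert.PSParentPath -replace '^.*::', ''
                        KeyBits    = $rsa.KeySize
                        SelfSigned = ($cert.Subject -eq $cert.Issuer)
                        NotAfter   = $cert.NotAfter
                        Thumbprint = $cert.Thumbprint
                        Subject    = $cert.Subject
                    }
                }
            }
            catch {
                # A malformed public key should not stop the audit; report it and continue.
                Write-Warning "Could not read key for $($cert.Thumbprint): $($_.Exception.Message)"
            }
            finally {
                if ($rsa) { $rsa.Dispose() }
                $rsa = $null
            }
        }
}

# Shortest keys first, so the certificates most at risk of being blocked are on top.
Get-WeakRsaCertificate | Sort-Object KeyBits, Store | Format-Table -AutoSize
```

An empty result means no RSA certificate in the local stores falls under the threshold; certificates presented by remote servers are not covered by this check.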
Systems have the ability to go further, why not make 2048 the minimum? Does anyone know why 1024 was selected? I would guess it has to do with some backwards compatibility with something. Some of the issuers are making it next to impossible to go below 2048.
Just because it is closed source doesn't mean people can't read the source. Thousands of universities and government agencies and even other organisations have access to the source code for Windows for development purposes, security evaluation purposes and research purposes.
TechRepublic noted this a while ago and provided detailed instructions on how to work around the issue.
"Maybe this world is another planet's hell"
Aldous Huxley
Wouldn't be much of an OS if it didn't have a reach-around.
No matter how few people actually read through the Linux kernel code, it's sufficiently open that blatant backdoors are not going to be inserted.
Open source suffers from quasi-religious stuff too, as you just demonstrated with your claim. Ken Thompson, of Bell Labs and Unix and C fame - the "K" in K&R, demonstrates the insufficiency of being able to read the source code.
http://cm.bell-labs.com/who/ken/trust.html
Nice weasel word there. Blatant. What makes you think that if there are backdoors in Windows they're blatant?
Think back to the AARD code, they went way out of their way to obfuscate it. Microsoft would not be so stupid as to put a well commented backdoor in there.
Of course, I'm sure someone will bring up the NSAKEY incident, which various security researchers (such as Bruce Schneier) have dismissed as merely allowing the NSA to install their own key for their internal systems without having to have MS sign it.
You do know that backdoors have been inserted into Linux distros in the past, and some of them took a great deal of time to be discovered. Then of course, one never really knows if a security vulnerability is intentional or not (on any platform).
There have also been some near calls as well in the kernel itself. For instance, who remembers this doozy?
http://www.securityfocus.com/news/7388
Yes, it was caught, but not because of "many eyes". It was because the attacker chose to try to modify the version control file directly. Had it gone in by some other means, it may not have been caught at all.
Not true when kernel.org itself gets hacked.
On the contrary. Which distros actually compiled and released a version of the kernel that was compiled from code downloaded during the window this attack was in effect? If you're running Debian then your kernel is anywhere from just now old to 2 years on the stable version. And if you're doing the right thing and using Ubuntu LTS releases instead of the beta interim stuff then it's the same deal. With Windows, there's only 2 releases to the mainstream. The server and the desktop versions. So whatever kernel MS builds, that's the one everybody uses. With Linux even with kernel.org getting hacked, you have a fighting chance but with Windows, you're done.
The website was hacked. The Linux source was not compromised.
I don't really understand how anyone can care whether a closed source operating system is secure.
This is so much garbage.
Open source systems have their share of holes, and the idea that there is a gigantic pool of people qualified to catch backdoors in something as relatively simple as a web browser-- let alone an OS-- is absurd. Just because you can look at the source doesn't mean you can do a remotely competent job of auditing it; and the idea that a single person could somehow audit hundreds of thousands of lines of code for security "on a whim" is even more absurd.
There are a lot of benefits to open source, but sometimes its advocates really stretch the imaginations with some of the claims and accusations they level against proprietary software.
it's sufficiently open that blatant backdoors are not going to be inserted.
So I suppose the whole potential IPSEC backdoor in FreeBSD thing was just my imagination, then?
You're talking nonsense. Consider that OpenSSL is widely considered a horrendously complex pile of spaghetti code, which I believe has had its share of security issues, and yet we still use it. Is it because we're lazy? No, it's because sometimes some of this security stuff is phenomenally complicated, and it would take a horrendous number of man-hours from incredibly talented people to refactor or replace it.
One of the benefits of paid software is that, if they're competent, they can devote a lot of time to it because they are paid. I'm gonna go out on a limb here and say that one of the biggest helpers to good code in a lot of OSS projects are the paid volunteers, not the mere fact that it's "open" as if that dash of pixie dust makes a project magically better.
There is an entire collection of root certs in your browser that are all trusted unconditionally. Hundreds of them, in fact. These root certs have signed thousands (who knows how many, really?) intermediate certs. All of these intermediate certs are trusted unconditionally to authenticate any SSL server whatsoever. It's pointless to have a key longer than the shortest intermediate cert key length in use anywhere. When you use SSL, you are trusting thousands of unknown parties with absolute cert-signing authority. SSL certificates are known to have been used for explicit man-in-the-middle purposes: Trustwave sold root certificate for surveillance. Sure they revoked that one key because of the bad publicity, but it's common industry practice. How is SSL hopelessly broken? Let us count the ways.