
Microsoft: As of October, 1024-Bit Certs Are the New Minimum

Posted by timothy
from the always-so-very-precise dept.
way2trivial writes with this snippet from Information Week about a warning from Microsoft reminding Windows administrators that an update scheduled for October 9th will require a higher standard for digital certificates. "That warning comes as Microsoft prepares to release an automatic security update for Windows on Oct. 9, 2012, that will make longer key lengths mandatory for all digital certificates that touch Windows systems. ... Internet Explorer won't be able to access any website secured using an RSA digital certificate with a key length of less than 1,024 bits. ActiveX controls might be blocked, users might not be able to install applications, and Outlook 2010 won't be able to encrypt or digitally sign emails, or communicate with an Exchange server for SSL/TLS communications."
  • Why 1024? (Score:5, Interesting)

    by fsck1nhippies (2642761) on Sunday September 09, 2012 @07:44PM (#41283679)

    Systems have the ability to go further, why not make 2048 the minimum? Does anyone know why 1024 was selected? I would guess it has to do with some backwards compatibility with something. Some of the issuers are making it next to impossible to go below 2048.

    • Re:Why 1024? (Score:5, Interesting)

      by Penguinisto (415985) on Sunday September 09, 2012 @08:04PM (#41283799) Journal

      Thinking much the same thing here as well. Even a CA like GoDaddy won't take anything smaller than a 2k cert key.

      Most SSL certs we cook up have a 2048 minimum anyway, and some certs we use have a standard of at least 4096 (I work in the banking/financial industry, so we're used to using the bigger keys).

      I'm thinking that they stuck with 1024 because most IIS 7.x (Win2k8 Server) allows for a minimum 1024 key size when making CSRs, and (maybe? can't remember) the really old crap (IIS5 or 4?) won't interpret anything bigger, which means enterprises with those old installs will scream bloody murder if they have to re-key but can't meet minimum length.

      • Re:Why 1024? (Score:4, Insightful)

        by aaarrrgggh (9205) on Monday September 10, 2012 @05:46AM (#41285969)

        Bigger keys in banking? Why do we still have the 14 bit pin codes then...

        • Re: (Score:2, Insightful)

          by Anonymous Coward

          For the same reason you don't carry a vault in your pocket. 14 bits is enough to protect the $10^3 moving out of your ATM account, but something better is called for when processing $10^9 interbank transactions.

    • Re:Why 1024? (Score:5, Interesting)

      by SCPRedMage (838040) on Sunday September 09, 2012 @08:11PM (#41283855)
      Probably because they didn't want to break a greater number of certs.
    • Re: (Score:3, Insightful)

      "Does anyone know why 1024 was selected?"

      But one has to wonder why Microsoft is doing the selection.

      I'm not Microsoft-bashing here, but if I had an old cert on a site somewhere, there is no way in hell I would update it just to be compatible with Internet Explorer. Let Explorer users do without. I don't care in the slightest.

      • If you want to cut 40% of the internet users off from your content, that's your prerogative.
        • Re: (Score:2, Insightful)

          "If you want to cut 40% of the internet users off from your content, that's your prerogative."

          Yes, indeed it is. But it could be 30%, or 20%, or whatever, if it were some browser other than Explorer. The only reason I mentioned Explorer at all is because it is Microsoft doing this.

          But I don't agree with companies using coercive tactics to push a standard THEY decided THEY like. I don't particularly care what standard that is.

        • by tqk (413719)

          If you want to cut 40% of the internet users off from your content, that's your prerogative.

          This's nonsensical.

          I don't have a great deal of respect for this cert system you guys use, but since you do, you ought to all be using it in the best way it can be used to protect both yourselves and the users who're relying on your securing of your systems.

          You're damned right I care whether my online banking is secure, and if my bank's doing it wrong, you're damned right I'm going to be looking to transfer to one that does it right.

          Secure, or convenient? Hmm. What's the potential downside of convenient?

    • Re:Why 1024? (Score:5, Informative)

      by jrumney (197329) on Sunday September 09, 2012 @08:57PM (#41284063) Homepage
      1024 was selected because this will not affect any US corporations, who always used 1024 bit certificates. Lower bit lengths were only ever offered because US export law would not allow high strength encryption products to be exported from the US, so MS and others shipped a lot of crippled copies of Windows NT, 95, 98 and maybe even Windows 2000 to customers outside the US.
      • Re:Why 1024? (Score:5, Interesting)

        by yuhong (1378501) on Sunday September 09, 2012 @10:05PM (#41284415) Homepage

        On Win2000, US lifted export restrictions only one month after Win2000 RTMed in Dec 1999, so MS had to ship the high encryption pack on a floppy disk inside the Win2000 package in addition to making it available for download. SP2 finally built it in.

    • by bloodhawk (813939)
      Because in many environments 1024 is still quite commonly used, especially in scenarios where the cost of encryption for 2048 is a factor. Breaking the rare place that uses less than 1024 is probably ok; breaking the MANY that still use 1024 would have huge repercussions. While 1024 is not long enough to be considered completely secure, it is still good enough for many scenarios.
    • by Xacid (560407)

      Read up on the history of PGP. The answer to that will become clear.

    • Re:Why 1024? (Score:5, Insightful)

      by smash (1351) on Sunday September 09, 2012 @09:36PM (#41284269) Homepage Journal
      Because NSA / CIA haven't cracked 2048 bit yet, silly.
    • by jafiwam (310805)

      Systems have the ability to go further, why not make 2048 the minimum? Does anyone know why 1024 was selected? I would guess it has to do with some backwards compatibility with something. Some of the issuers are making it next to impossible to go below 2048.

      There is an embedded VPN device (hardware box) that is so old it won't take certs longer than 1024 where I work. I assume a lot of other companies are in the same boat, expensive or simply not made anymore bits of infrastructure using tech that was envisioned as "enough". Stuff that came out during the tech-boom is even worse, where the assumption every company was loaded with cash to spend on IT stuff was sorta true.

      I bought a 3 year cert last time around for the device, and have about a year left befo

    • by asdf7890 (1518587)

      Does anyone know why 1024 was selected?

      Almost certainly due to the number of 1024 bit certs that are out there.

      Most CA's won't sign anything smaller than 2048 bit now, and that has been the case for a year or few, but what about companies that paid an absolute fortune for five year "enhanced validation" certificates or have their own CA for internal use and signed many many keys smaller than 1024 some years ago.

      From a security standpoint 2048 should really be the cut-off, as it is elsewhere, but from a practicality view that simply wouldn'

    • 1024 is much faster: ~5x fewer operations. There is also an issue with larger keys (especially with chains) not fitting in the first packet.

      More specifically, Google still uses 1024 keys (despite the fact you and I can't even get them any more), so not supporting them may have been bigger news.

  • by Meshach (578918) on Sunday September 09, 2012 @07:48PM (#41283717)
    TechRepublic noted this a while ago [techrepublic.com] and provided detailed instructions [technet.com] on how to work-around the issue.
  • by js33 (1077193) on Sunday September 09, 2012 @11:20PM (#41284793)
    There is an entire collection of root certs in your browser that are all trusted unconditionally. Hundreds of them, in fact. These root certs have signed thousands (who knows how many, really?) intermediate certs. All of these intermediate certs are trusted unconditionally to authenticate any SSL server whatsoever. It's pointless to have a key longer than the shortest intermediate cert key length in use anywhere. When you use SSL, you are trusting thousands of unknown parties with absolute cert-signing authority. SSL certificates are known to have been used for explicit man-in-the-middle purposes: Trustwave sold root certificate for surveillance [zdnet.com]. Sure they revoked that one key because of the bad publicity, but it's common industry practice [idg.com.au]. How is SSL hopelessly broken? Let us count the ways [theregister.co.uk].
  • If you use a program like SCCM, SCE, EminentWare/SolarWinds, Secunia, Local Update Publisher (plug: my OSS alternative), or any other similar program that allows you to publish your own packages through the WSUS system you will also need to worry about this. For some time the default certificate that gets created was 512 bits and will become invalid with this update. Check with your vendor to see what remedy they suggest. One of the recent updates to the WSUS API bumped this default cert creation to 204
  • I'm the head IT manager for this 50-person company so I'm stuck as the server administrator despite having about 12 weeks of MCSE training. Someone else set up our current self-signed certificate so I don't know the size or how to check. I do know they plopped the .cer file itself down on C: though, lol. So I opened it in notepad, pasted its main contents to Word, and ran a character count. It's 2092 total characters in size. I'm going to take a guess that that's a 2048 bit cert, right? So:
    1. Am I correc
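Counting characters in the file does not tell you the key size; the RSA modulus length inside the certificate does. The following is an added example, not code from the post or from Microsoft: a minimal DER walker that reads a .cer (binary DER or Base64 PEM), locates the rsaEncryption SubjectPublicKeyInfo and reports the modulus bit length against the 1024-bit minimum the update enforces. The same check applies to the WSUS signing certificate mentioned in the comment above. The sample input it tests itself with is a constructed SubjectPublicKeyInfo with a placeholder modulus, not a real key.

```python
import base64, re

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption

def der(tag, payload):  # encode one DER TLV (only used to build the constructed sample)
    n = len(payload)
    length = bytes([n]) if n < 0x80 else bytes([0x81, n]) if n < 0x100 else bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + payload

def tlv(buf, pos):
    """Decode the DER TLV at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                   # long-form length
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus(buf):
    """Walk the DER tree; return the modulus of the first rsaEncryption SPKI, else None."""
    pos = 0
    while pos < len(buf):
        tag, val, nxt = tlv(buf, pos)
        if tag == 0x30 and val[:1] == b"\x06" and tlv(val, 0)[1] == RSA_OID:
            # AlgorithmIdentifier {rsaEncryption}: the sibling BIT STRING wraps RSAPublicKey
            rsa_pub = tlv(buf, nxt)[1][1:]              # drop the unused-bits octet
            n_bytes = tlv(tlv(rsa_pub, 0)[1], 0)[1]     # RSAPublicKey.modulus INTEGER
            return int.from_bytes(n_bytes, "big")
        if tag & 0x20 and (found := rsa_modulus(val)) is not None:  # constructed: descend
            return found
        pos = nxt
    return None

def load_cert(data):
    """Accept a .cer as raw DER or as PEM (Base64 between BEGIN/END lines)."""
    if data.lstrip().startswith(b"-----"):
        return base64.b64decode(re.sub(rb"-----[^-]+-----|\s", b"", data))
    return data

def key_size_ok(data, minimum=1024):
    """Return (modulus_bits, meets_minimum); a non-RSA key reports 0 bits."""
    bits = (rsa_modulus(load_cert(data)) or 0).bit_length()
    return bits, bits >= minimum

def sample_spki(modulus_bits):
    """Constructed input: an rsaEncryption SPKI with a placeholder modulus of the requested
    size (not a real key), nested in two SEQUENCEs like Certificate/TBSCertificate."""
    n = (1 << (modulus_bits - 1)) | 1
    n_bytes = n.to_bytes(modulus_bits // 8 + 1, "big")  # leading 0x00 keeps the INTEGER positive
    rsa_pub = der(0x30, der(0x02, n_bytes) + der(0x02, b"\x01\x00\x01"))
    alg_id = der(0x30, der(0x06, RSA_OID) + der(0x05, b""))
    return der(0x30, der(0x30, der(0x30, alg_id + der(0x03, b"\x00" + rsa_pub))))

def to_pem(der_bytes):  # PEM-wrap DER, as a Base64-encoded .cer exported from Windows looks
    return b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(der_bytes) + b"\n-----END CERTIFICATE-----\n"
```

Run `key_size_ok(open("cert.cer", "rb").read())` on the real file; on a Windows box `certutil -dump cert.cer` prints the same key length without any code.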
  • According to GlobalSign (one of the largest CA's), they stopped issuing 1024bit keys back in 2010... The lowest encryption they (and most CA's) use now is 2048bits. https://www.globalsign.com/support/faq/sslfaq.php [globalsign.com] All orders placed from November 29th 2010 will only be accepted with a CSR key length of 2048 bits or higher. This is to fully comply with the National Institute of Standards and Technology Recommendations (NIST) and the mandatory requirements by Microsoft's Root Certificate Program to issue Ce
