1024-bit RSA keys for Windows will soon be no more

News
By Sead Fadilpašić
published

Microsoft is deprecating 1024-bit RSA keys

Security padlock in circuit board, digital encryption concept
(Image credit: Getty Images)

Certificates with RSA keys shorter than 2048 will soon no longer be supported by Windows, Microsoft has announced.

“This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows,” the software giant said in the announcement, part of its latest “Deprecated features for Windows client” list. 

RSA keys are an essential part of the Rivest-Shamir-Adleman (RSA) encryption algorithm, a widely used tool for secure communication over the internet. The longer the keys, the stronger they are.  

Old network-attached storage in trouble

The older, 1024-bit keys have roughly 80 bits of strength, while the new ones have 112 bits, which makes them four billion times longer, BleepingComputer explains. These keys should be safe until 2030, at least.

“Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013, recommending specifically that RSA keys should have a key length of 2048 bits or longer,” Microsoft explained.

Companies using older software and hardware could run into trouble, as these tools will probably no longer work. 

Microsoft did not give a hard date on when the older keys will no longer be valid, but it is safe to assume that the transition will be somewhat slower and will allow organizations to adapt and replace older software and hardware. In an effort to achieve a seamless transition, the company said TLS certificates issued by enterprise or test certification authorities will not be affected. 

“TLS certificates issued by enterprise or test certification authorities (CA) aren't impacted with this change," Microsoft said. "However, we recommend that they be updated to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to preserve security of Windows customers using certificates for authentication and cryptographic purposes.”

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.