Microsoft has been warning about the move for several months, and has been advising all users to upgrade their digital certificates. From tomorrow, the advance warning takes effect, and the consequences could be severe for any encrypted systems still using shorter length keys.
“In the wake of the Flame malware attacks,” explains Venafi, “Microsoft has advised its customers to take this step to harden security against known vulnerabilities and attack vectors in order to prevent business and operational disruptions.” An attacker, warns Microsoft, “could duplicate the certificate and use it to fraudulently spoof content, perform phishing attacks, or perform man-in-the-middle attacks.”
Users will have no choice but to upgrade their certificates from tomorrow (9 October 2012). Failure to do so will lead to “disruptions to business and computing operations,” continued Venafi, which “could include everything from Internet Explorer failures to inability to encrypt or digitally sign emails on Outlook 2010 and other legacy systems that rely on the older, weaker encryption keys.”
One effect, independent security researcher Robin Wood (DigiNinja online) told Infosecurity, “is that IE will no longer be able to talk to websites which use certificates with key lengths less than 1024 bytes. This shouldn't affect many sites with commercially acquired certificates as certificate authorities have not been issuing certificates like that for a while. What it will affect,” he continued, “are embedded systems which have self-signed certificates with less and 1024 bytes. A lot of these can't be easily upgraded so admins may be locked out of some devices. They could use other browsers but some applications require ActiveX components which will only work with IE.”
It is worth noting, however, that while the Microsoft upgrade will insist on 1024-bit key length as a minimum, the company actually recommends a greater length: “We recommend that users implement certificates that have a key length of at least 2048 bits,” notes the Microsoft Security Advisory: Update for minimum certificate key length. This effectively follows NIST’s advice back in 2007: “a 1024 bit RSA key would not provide sufficient protection between 2011 and 2019 and, therefore, it is not recommended that 1024-bit RSA be used in this case. It is recommended that the algorithms and key sizes [2048-bit RSA] should be used to provide the cryptographic protection.”
The certificate weakness that Microsoft is now addressing will continue in non-MS systems. Advice, then, is that today users must ensure that Microsoft-based certificates are at least 1024-bits in length (but preferably 2048-bits), and that all other certificate keys should be brought up to strength as soon as possible.