Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

1024-bit RSA keys for Windows will soon be no more

Security padlock in circuit board, digital encryption concept.

Certificates with RSA keys shorter than 2048 will soon no longer be supported by Windows, Microsoft has announced.

“This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows,” the software giant said in the announcement, part of its latest “Deprecated features for Windows client” list. 

RSA keys are an essential part of the Rivest-Shamir-Adleman (RSA) encryption algorithm, a widely used tool for secure communication over the internet. The longer the keys, the stronger they are.  

Old network-attached storage in trouble

The older, 1024-bit keys have roughly 80 bits of strength, while the new ones have 112 bits, which makes them four billion times longer, BleepingComputer explains. These keys should be safe until 2030, at least.

“Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013, recommending specifically that RSA keys should have a key length of 2048 bits or longer,” Microsoft explained.

Companies using older software and hardware could run into trouble, as these tools will probably no longer work. 

Microsoft did not give a hard date on when the older keys will no longer be valid, but it is safe to assume that the transition will be somewhat slower and will allow organizations to adapt and replace older software and hardware. In an effort to achieve a seamless transition, the company said TLS certificates issued by enterprise or test certification authorities will not be affected. 

“TLS certificates issued by enterprise or test certification authorities (CA) aren't impacted with this change," Microsoft said. "However, we recommend that they be updated to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to preserve security of Windows customers using certificates for authentication and cryptographic purposes.”

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.