Microsoft is cancelling weak roots

08-10-2012 12:37:00

Weak roots are defined as keys shorter than 1024 bits. Refusing connections that use these short encryption keys is intended to increase the protection of users and to move the Internet away from old, unsafe tools towards stronger key lengths.

Microsoft has been announcing the change for several months and has been promoting upgrades to root certificates of at least 2048 bits. From tomorrow (9 October 2012), weak root keys will be rejected as unsafe.

These certificates use keys with lengths of, for example, 516 bits, but today the norm is 2048 bits, and it is possible to find security with a 4096-bit encryption level.

All key lengths below 1024 bits were designed many years ago and do not provide protection against the attacks that are common on the Internet today. Failing to move to stronger encryption may mean that connections to the website fail (poorly protected sites may be disconnected by the browser) or that e-mail can no longer be digitally signed in Outlook.

Rejecting weak security levels shouldn't affect many sites or Internet users, because all SSL certificates are issued by Certificate Authorities for a specified number of years, and after that time the SSL certificate must be renewed with the obligatory valid security level.

Tomorrow's update continues the plan of rejecting all weak root keys. This August, Microsoft cancelled all connections with websites, applications, platforms and files that relied on old keys shorter than 1024 bits issued before 1 January 2010. Microsoft is planning to cancel all 1024-bit keys at the end of next year.
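
To see which certificates on a Windows machine fall under this policy, the following added PowerShell example (not part of the original article and not Microsoft's own tooling) lists RSA certificates in the local certificate stores with keys shorter than 1024 bits, and separately those below the 2048-bit norm. The function name Get-WeakRsaCertificate and the Status labels are illustrative assumptions.

```powershell
# Added example. Thresholds come from the article: keys under 1024 bits are
# rejected, and 2048 bits is described as the norm.
function Get-WeakRsaCertificate {
    param(
        [int]$MinBits = 1024,          # below this: rejected under the policy
        [int]$RecommendedBits = 2048   # below this: worth replacing
    )
    $ext = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]

    # Walk every store under CurrentUser and LocalMachine; keep certificate objects only.
    Get-ChildItem -Path Cert:\ -Recurse |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        ForEach-Object {
            $cert = $_
            try {
                # Returns $null when the certificate does not carry an RSA key (e.g. ECC).
                $rsa = $ext::GetRSAPublicKey($cert)
            } catch {
                return   # unreadable key: skip this certificate
            }
            if ($null -eq $rsa) { return }

            $bits = $rsa.KeySize
            $rsa.Dispose()
            if ($bits -ge $RecommendedBits) { return }

            [pscustomobject]@{
                Status     = if ($bits -lt $MinBits) { 'Rejected' } else { 'BelowNorm' }
                KeyBits    = $bits
                # Subject equal to Issuer is used here as a simple self-signed (root) hint.
                SelfSigned = ($cert.Subject -eq $cert.Issuer)
                NotAfter   = $cert.NotAfter
                Thumbprint = $cert.Thumbprint
                Store      = ($cert.PSParentPath -replace '^.*::', '')
                Subject    = $cert.Subject
            }
        }
}

Get-WeakRsaCertificate | Sort-Object KeyBits, Store | Format-Table -AutoSize
```

Run it in an elevated session to include the LocalMachine stores that a normal user cannot read; an empty result means no RSA certificate below 2048 bits was found.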

More: InfoSecurity Magazine
