Vigil@nce - Windows: rejecting RSA keys of less than 1024 bits
August 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
Microsoft offers a patch for Windows, in order to reject RSA keys
of less than 1024 bits, which are seen as too weak.
Severity: 1/4
Creation date: 16/08/2012
IMPACTED PRODUCTS
– Microsoft Windows 2003
– Microsoft Windows 2008
– Microsoft Windows 7
– Microsoft Windows Vista
– Microsoft Windows XP
– Novell Client for Windows XP/2003
DESCRIPTION OF THE VULNERABILITY
The RSA algorithm is used to encrypt data with a key pair
(public and private). The size of the private key determines the
time required to find it using a brute force attack (or an
optimized attack). Nowadays, the minimal recommended size for RSA
keys is 2048 bits.
Microsoft therefore offers a patch for Windows, in order to reject
RSA keys of less than 1024 bits, which are seen as too weak.
This patch will be offered by default in October 2012. It is thus
recommended to check the size of keys used by various
applications, in anticipation of installing this patch.
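
One way to carry out the key-size check recommended above, as an added example that is not part of the original bulletin. It assumes the keys to review are held by certificates in the Windows certificate stores; the function name Get-WeakRsaCertificate and its parameters are hypothetical.

```powershell
# Added example: list certificates whose RSA public key is below a minimum size.
# Assumption: the keys of interest are in the Windows certificate stores
# (Cert:\CurrentUser and Cert:\LocalMachine). Keys kept elsewhere are not covered.
function Get-WeakRsaCertificate {
    param(
        [int]$MinBits = 1024,        # threshold stated in the bulletin
        [string]$Root = 'Cert:\'     # start of the store walk
    )
    $rsaOid = '1.2.840.113549.1.1.1' # rsaEncryption algorithm identifier

    Get-ChildItem -Path $Root -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        Where-Object { $_.PublicKey.Oid.Value -eq $rsaOid } |
        ForEach-Object {
            $cert = $_
            # KeySize is the modulus length in bits; $null means the key
            # could not be decoded and should be reviewed by hand.
            try   { $bits = $cert.PublicKey.Key.KeySize }
            catch { $bits = $null }

            if ($null -eq $bits -or $bits -lt $MinBits) {
                New-Object PSObject -Property @{
                    Store      = ($cert.PSParentPath -replace '^.*::', '')
                    Subject    = $cert.Subject
                    Issuer     = $cert.Issuer
                    Thumbprint = $cert.Thumbprint
                    KeyBits    = $bits
                    NotAfter   = $cert.NotAfter
                    Expired    = ($cert.NotAfter -lt (Get-Date))
                }
            }
        } |
        Select-Object Store, Subject, Issuer, Thumbprint, KeyBits, NotAfter, Expired
}

# Keys the patch would reject (less than 1024 bits), smallest first.
Get-WeakRsaCertificate | Sort-Object KeyBits | Format-Table -AutoSize
```

Running it with `-MinBits 2048` lists every key below the recommended size mentioned in the description. Run it once per user account and once elevated, since the CurrentUser stores differ between accounts.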
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-rejecting-RSA-keys-of-less-than-1024-bits-11859