Understanding Microsoft’s Crypto Recommendations

In addition to the eight security updates that they released this month, Microsoft also set out some recommendations regarding choices of cryptographic algorithms that may have left some IT pros and managers scratching their heads in confusion. Just because you’re an experienced network administrator, it doesn’t mean you’re an expert in cryptography, which is a deeply technical topic that requires some heavy-duty mathematical knowledge to truly understand.

Luckily, you don’t have to be a mathematician or a cryptoanalyst to understand the reasoning behind the best practices that Microsoft is urging customers to adopt. All it takes is a very basic grasp of how cryptography works. If you’re already familiar with that, skip the next section and go right to “Microsoft’s Crypto Recommendations.”

Crypto Overview

The purpose of cryptography is to scramble data in such a way that it won’t make any sense to anyone else – except for those who possess the secret to how it was scrambled. Early ciphers were text-based, and they scrambled messages by substituting or transposing characters. Today cryptography is performed by computers, which perform their operations on binary numbers. The formula, or set of instructions for scrambling (encoding) the information is called an algorithm. Cryptographic algorithms are also called ciphers. Thus the term for decoding the information is decipher.

The mathematical formula (cipher) can be applied to just one bit or byte of data at a time, in which case it’s called a stream cipher. Ciphers that work on larger chunks of data (for example, 64 bits) are called block ciphers. One of the most important components of the cryptographic system is the key, which is usually a string of characters (like a password, PIN or passcode).

Algorithms are commonly divided into symmetric ones, which use the same key to encrypt and decrypt the data, just as a traditional lock uses the same key to lock or unlock a door. The other type is asymmetrical, meaning two different keys are used. This key pair is the basis for public key encryption, whereby one of the keys is made available to everyone (the public key) and the other is kept secret (the private key). Anybody can encrypt a message to you with your public key, but only you can decrypt it because that requires the private key.

You’ll also hear about hash functions or hash algorithms, which are ways of converting a string of inputted data of variable length into a fixed-length string in a way that, unlike many mathematical operations, is hard to reverse. Let’s say we apply a formula such as “X minus 3 times 6” to a number. If the number is 9, then 9 minus 3 is 6 and 6 times 6 is 36. We can take our value (36) and easily reverse the process to find out what X was, because 36 divided by 6 is 6 and 6 plus 3 is 9.  A good hash algorithm makes it very difficult to do that kind of reversal and find out what X is. These one way hashes are used to create digital signatures, store passwords securely and authenticate messages.

This explanation is very simplified, but it gives you the foundation for understanding why Microsoft is recommending that certain algorithms not be used.

Microsoft’s Crypto Recommendations

There are many different algorithms in use, and some of these are stronger (more secure) than others. One factor is the length of the keys that are used – the longer, the more difficult it is to break (decrypt) the encoded data by using a brute forcing attack (trying every possible key in sequence). There are a number of other ways to break encryption. Randomness is an essential component for a strong algorithm because cryptanalysis is based on analyzing the encrypted data and finding patterns. For instance, in a simple text-based substitution cipher, where letters are substituted for other letters, a cryptanalyst will look for letters that occur more frequently than others as they probably represent the most common letters such as “e.”

We use different types of encryption algorithms for different purposes, depending on specific needs. For example, RSA is a public key algorithm that can encrypt data, create digital signatures or be used for key exchange, but it’s slow. AES is a faster system that’s better suited for encrypting big amounts of data.

Increasingly stronger algorithms have been developed over the years because the longer an algorithm is around, the more time attackers have to identify its weaknesses, and also because computer systems get faster and thus capable of performing more “guesses” in a given time to crack a particular length of key. Thus generally older algorithms and those that use shorter keys are less secure.

That brings us to Microsoft’s recommendations, which are really just reiterations of what they’ve been saying for a while. Specifically, they’re telling customers not to use the RC4 cipher and the SHA-1 hash algorithm. RC4 is a simple algorithm, which makes it fast. It was created by Ron Rivest in 1987, so it’s getting long in the tooth. It was used widely in older encryption protocols such as WEP (Wireless Equivalent Privacy) for protecting wi-fi networks and TLS 1.x (Transport Layer Security) for encrypting data sent over the Internet. WEP has been largely replaced by WPA (Wi-fi Protected Access) and WPA2 because they’re more secure. TLS 1.x has been superseded by TLS 1.2.  Research into RC4 beginning over a decade ago showed patterns (non-random output) that made it easier for attackers to decrypt the data.

Internet Explorer 11 in Windows 8.1 defaults to more secure algorithms and Security Advisory 2868725 includes tools for testing and disabling RC4 and enabling TLS 1.2, which uses AES-GCM encryption. AES (Advanced Encryption Standard) was established as the preferred specification for encryption by the National Institute of Standards and Technology (NIST) in 2001, replacing the old DES (Data Encryption Standard) that had been used since 1977.  The strongest version uses 256 bit keys.

SHA-1 (Secure Hash Algorithm) is a hashing function that has been around since the mid-1990s and was developed by the NSA (National Security Agency). Weaknesses were discovered as early as 2005 that can result in spoofing, man-in-the-middle and other types of attacks. In 2010, NIST required some federal agencies to start using SHA-2 (a later, more secure version) instead of SHA-1, and not trust SHA-1 after January 2014. The current version is SHA-3.

Microsoft’s announcement this month states the company’s policy for deprecating use of SHA-1 for certificates issued by Windows Certification Authorities. CAs will stop issuing SHA-1 based certificates by 1/1/2016 and Windows will stop accepting them by 1/1/2017. This gives organizations a good deal of time to make the transition. There will be minimal impact on users; you just need to keep Widows updated. Web site operators will need to request new certificates before the SHA-1 certificates expire in 2017.

Summary

The recommendations Microsoft made this month in regard to discontinuing the use of RC4 and SHA-1 are logical and perhaps overdue. These older algorithms have a number of known weaknesses that make them less than ideal for encryption purposes in today’s attack-heavy Internet-connected networks. Organizations should start making plans to move away from RC4 and SHA-1 and replace them with more secure algorithms as part of your ongoing security strategy.