Microsoft to retire RC4 cipher after decade of deprecation efforts


Microsoft said it has steadily worked over the past decade to deprecate the RC4 cipher and now has the flexibility to kill it outright, company engineers wrote in a public account of the effort. Steve Syfuhs, who runs Microsoft’s Windows Authentication team, said the work was difficult because RC4 “is present in every OS that’s shipped for the last 25 years and was the default algorithm for so long.” He added that “the problem is not that the algorithm exists. The problem is how the algorithm is chosen, and the rules governing that spanned 20 years of code changes.”

Over two decades developers found a raft of critical RC4 vulnerabilities that required “surgical” fixes. Microsoft considered deprecating RC4 by this year but “punted” after discovering further issues; it also introduced “minor improvements” that favored AES, and usage dropped by “orders of magnitude” to “basically nil” within a year.

Microsoft noted that RC4’s cipher weaknesses are separate from Kerberoasting, an Active Directory attack that exploits an implementation weakness: as implemented, the password hashing uses no cryptographic salt and a single round of the MD4 hashing function. Salt adds random input to each password before hashing, which forces attackers to invest more time and resources to crack hashes, while MD4 is a fast algorithm that requires modest resources.

