Windows 7: RSA Key Blocking is Coming
21 Jul 2012
#1 | Windows 7 Home Premium x64 SP1 Bay Area Peninsula

RSA Key Blocking is Coming

Quote: In August 2012, Microsoft will issue a critical security update for Windows XP, Windows Server 2003, Windows Server 2003 R2, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. The update will block the use of RSA cryptographic keys that are less than 1024 bits.

Source

A Guy
21 Jul 2012
#2 | W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE Indian Territory

While higher bits are great for security, I just checked and the highest that Opera uses, which I imagine is still higher than other browsers, is only 256 bit. It sounds to me that MS is attempting to block all encryption.
21 Jul 2012
#3 | Windows 7 Ultimate x64 SP1 Los Angeles, CA, USA

@seekermeister: IE9 also uses 256-bit.
I'll probably just skip the update, personally; the ramifications here are overbearing and potentially disruptive and I don't see any real-world benefit from forcing 1024-bit minimum, it's not like we can't use 1024-bit encryption and up without this update.
21 Jul 2012
#4 | W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE Indian Territory

Yes, but skipping the update doesn't necessarily eliminate the problem, because I would bet that the servers on many websites will get it, and that would prevent them from using the lower bit rate to work with the user browsers. Opera used to have a little padlock icon to indicate when encryption was functioning, but I don't find it now.
EDIT: Found it! They now have it appear in the address field when going to a secure website.
24 Jul 2012
#5 | Windows 7 Professional x64 Service Pack 1 Morecambe, Lancashire, England

What you're looking at isn't the RSA encryption. It's the AES encryption, which comes in 128, 192 and 256 bit variants.
The RSA key is something else and is the public and private keys used. RSA is used to authenticate users. When you send an encrypted message to, say, a server, the server will have the private RSA key. A client will send the encrypted message, as well as the public RSA key they hold. You need the public and private key to match up to be able to communicate. RSA keys nowadays use between 1024 bit and 4096 bit key sizes, so the update will stop smaller key sizes being used.
And I don't see it affecting much. All that needs to be changed after is new keys generated with a higher cryptography.
24 Jul 2012
#6 | Windows 7 Home Premium x64 SP1 Bay Area Peninsula

Quote: Originally Posted by Everlong
What you're looking at isn't the RSA encryption. It's the AES encryption, which comes in 128, 192 and 256 bit variants.
The RSA key is something else and is the public and private keys used. RSA is used to authenticate users. When you send an encrypted message to, say, a server, the server will have the private RSA key. A client will send the encrypted message, as well as the public RSA key they hold. You need the public and private key to match up to be able to communicate. RSA keys nowadays use between 1024 bit and 4096 bit key sizes, so the update will stop smaller key sizes being used.
And I don't see it affecting much. All that needs to be changed after is new keys generated with a higher cryptography.

Thanks Harry, I knew the gist of that, but every explanation I found was way too geeky

A Guy
25 Jul 2012
#7 | Windows 7 Professional x64 Service Pack 1 Morecambe, Lancashire, England

You're welcome, it can get all quite confusing lol.
25 Jul 2012
#8 | Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1 Central Pa.

So...What does this mean for the average home user like me, will it be invisible or at some point down the road rear its head to bite me?
I tried the
Code: Certutil -dstemplate | findstr "[ msPKI-Minimal-Key-Size" | findstr /v "1024 2048 4096"
CMD in an elevated CMD window, and it must have run, because it went right back to C:\Windows\system32> with no results, and without me having to touch return.
I imagine I have no templates. Is that good or bad?
26 Jul 2012
#9 | Windows 7 Professional x64 Service Pack 1 Morecambe, Lancashire, England

Quote: Originally Posted by Anak
So...What does this mean for the average home user like me, will it be invisible or at some point down the road rear its head to bite me?
I tried the
Code: Certutil -dstemplate | findstr "[ msPKI-Minimal-Key-Size" | findstr /v "1024 2048 4096"
CMD in an elevated CMD window, and it must have run, because it went right back to C:\Windows\system32> with no results, and without me having to touch return.
I imagine I have no templates. Is that good or bad?

Just means when using an SSL connection that no keys under 1024 bits can be used for authentication.
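
An added example, not part of the thread or of Microsoft's guidance: the `findstr` pipeline quoted above filters by substring, so this sketch pairs each template with its `msPKI-Minimal-Key-Size` and compares numerically against the 1024-bit floor. The output layout, the sample text and all function names are assumptions constructed for illustration.

```python
import re

# Constructed sample; the "[Name]" header plus indented "attr = value"
# layout of `certutil -dstemplate` output is assumed here.
SAMPLE_OUTPUT = '''\
[LegacyVPN]
  cn = "LegacyVPN"
  msPKI-Minimal-Key-Size = "512"
[WebServer]
  msPKI-Minimal-Key-Size = "2048"
[OddSize]
  msPKI-Minimal-Key-Size = "1536"
[Kiosk10240]
  msPKI-Minimal-Key-Size = "768"
[NoKeySize]
  cn = "NoKeySize"
'''

MIN_RSA_BITS = 1024  # the update blocks RSA keys shorter than this
HEADER = re.compile(r'^\[(?P<name>[^\]]+)\]\s*$')
KEYSIZE = re.compile(r'^\s*msPKI-Minimal-Key-Size\s*=\s*"?(?P<bits>\d+)')


def parse_templates(text):
    """Return {template name: minimum key size in bits, or None if absent}."""
    templates, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = header.group('name')
            templates[current] = None
            continue
        size = KEYSIZE.match(line)
        if size and current is not None:
            templates[current] = int(size.group('bits'))
    return templates


def weak_templates(text, minimum=MIN_RSA_BITS):
    """Templates whose minimum key size is numerically below `minimum`."""
    return {name: bits for name, bits in parse_templates(text).items()
            if bits is not None and bits < minimum}


def findstr_style(text):
    """Approximation of the quoted pipeline: substring matching only."""
    keep = [l for l in text.splitlines()
            if '[' in l or 'msPKI-Minimal-Key-Size' in l]
    return [l for l in keep
            if not any(s in l for s in ('1024', '2048', '4096'))]


if __name__ == '__main__':
    print(weak_templates(SAMPLE_OUTPUT))  # only the 512- and 768-bit templates
    print(weak_templates(''))             # no templates at all gives {}
```

In the constructed sample the substring filter hides the `[Kiosk10240]` header because its name contains "1024", and still prints the acceptable 1536-bit line; the numeric comparison avoids both.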