Microsoft has announced that RSA keys shorter than 2048 bits will soon be deprecated in Windows Transport Layer Security (TLS) to provide increased security.
Rivest-Shamir-Adleman (RSA) — is an asymmetric encryption system that uses pairs of public and private keys to encrypt data, the strength of which directly depends on the key length. The longer these keys are, the harder they are to crack.
1024-bit RSA keys are roughly equivalent in terms of security to 80-bit symmetric keys, while a 2048-bit key is equivalent to about a 112-bit symmetric key. This makes its decomposition 4 billion times longer. Industry experts believe that 2048-bit keys are secure until at least 2030.
RSA keys are used in Windows for several purposes, including server authentication, data encryption, and communication integrity. Microsoft’s decision to change the minimum requirement for RSA keys to 2048 bits or more for certificates used in TLS server authentication is important to protect organizations from weak encryption.
This move is likely to affect organizations that use legacy software and network devices, such as printers, that use 1024-bit RSA keys. Consequently, they will lose the ability to authenticate to Windows servers.
Microsoft has not specified when exactly the support for 1024-bit RSA keys in Windows will end. It is likely that the corporation will provide a transition period, as it did with the termination of support for keys up to 1024 bits in 2012. During this grace period, Windows administrators can configure logging to determine which devices are trying to connect using the old keys and which will be affected by this change. At the same time, Microsoft strongly recommends that organizations migrate to RSA keys of 2048 bits or longer as soon as possible.
Source: bleepingcomputer