rc4

microsoft-will-finally-kill-obsolete-cipher-that-has-wreaked-decades-of-havoc

Microsoft will finally kill obsolete cipher that has wreaked decades of havoc

Biz & IT, Encryption, rc4, Security, Windows Server / /

Microsoft said it has steadily worked over the past decade to deprecate RC4, but that the task wasn’t easy.

No salt, no iteration? Really?

“The problem though is that it’s hard to kill off a cryptographic algorithm that is present in every OS that’s shipped for the last 25 years and was the default algorithm for so long, Steve Syfuhs, who runs Microsoft’s Windows Authentication team, wrote on Bluesky. “See,” he continued, “the problem is not that the algorithm exists. The problem is how the algorithm is chosen, and the rules governing that spanned 20 years of code changes.”

Over those two decades, developers discovered a raft of critical RC4 vulnerabilities that required “surgical” fixes. Microsoft considered deprecating RC4 by this year, but ultimately “punted” after discovering vulnerabilities that required still more fixes. During that time Microsoft introduced some “minor improvements” that favored the use of AES, and as a result, usage dropped by “orders of magnitude.”

“Within a year we had observed RC4 usage drop to basically nil. This is not a bad thing and in fact gave us a lot more flexibility to kill it outright because we knew it genuinely wasn’t going to break folks, because folks weren’t using it.”

Syfuhs went on to document additional challenges Microsoft encountered and the approach it took to solving them.

While RC4 has known cipher weaknesses that make it insecure, Kerberoasting exploits a separate weakness. As implemented in Active Directory authentication, it uses no cryptographic salt and a single round of the MD4 hashing function. Salt is a technique that adds random input to each password before it is hashed. That requires hackers to invest considerable time and resources into cracking the hash. MD4, meanwhile, is a fast algorithm that requires modest resources. Microsoft’s implementation of AES-SHA1 is much slower and iterates the hash to further slow down cracking efforts. Taken together, AES-Sha1-hashed passwords require about 1,000 times the time and resources to be cracked.

Windows admins would do well to audit their networks for any usage of RC4. Given its wide adoption and continued use industry-wide, it may still be active, much to the surprise and chagrin of those charged with defending against hackers.

Microsoft will finally kill obsolete cipher that has wreaked decades of havoc Read More »

senator-blasts-microsoft-for-making-default-windows-vulnerable-to-“kerberoasting”

Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting”

Active Directory, Biz & IT, microsoft, ransomware, rc4, Security / /

Wyden said his office’s investigation into the Ascension breach found that the ransomware attackers’ initial entry into the health giant’s network was the infection of a contractor’s laptop after using Microsoft Edge to search Microsoft’s Bing site. The attackers were then able to expand their hold by attacking Ascension’s Active Directory and abusing its privileged access to push malware to thousands of other machines inside the network. The means for doing so, Wyden said: Kerberoasting.

“Microsoft has become like an arsonist”

“Microsoft’s continued support for the ancient, insecure RC4 encryption technology needlessly exposes its customers to ransomware and other cyber threats by enabling hackers that have gained access to any computer on a corporate network to crack the passwords of privileged accounts used by administrators,” Wyden wrote. “According to Microsoft, this threat can be mitigated by setting long passwords that are at least 14 characters long, but Microsoft’s software does not require such a password length for privileged accounts.”

Additionally, Green noted, the continuing speed of GPUs means that even when passwords appear to be strong, they can still fall to offline cracking attacks. That’s because the security cryptographic hashes created by default RC4/Kerberos use no cryptographic salt and a single iteration of the MD4 algorithm. The combination means an offline cracking attack can make billions of guesses per second, a thousandfold advantage over the same password hashed by non-Kerberos authentication methods.

Referring to the Active Directory default, Green wrote:

It’s actually a terrible design that should have been done away with decades ago. We should not build systems where any random attacker who compromises a single employee laptop can ask for a message encrypted under a critical password! This basically invites offline cracking attacks, which do not need even to be executed on the compromised laptop—they can be exported out of the network to another location and performed using GPUs and other hardware.

More than 11 months after announcing its plans to deprecate RC4/Kerberos, the company has provided no timeline for doing so. What’s more, Wyden said, the announcement was made in a “highly technical blog post on an obscure area of the company’s website on a Friday afternoon.” Wyden also criticized Microsoft for declining to “explicitly warn its customers that they are vulnerable to the Kerberoasting hacking technique unless they change the default settings chosen by Microsoft.”

Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting” Read More »