Microsoft will finally kill obsolete cipher that has wreaked havoc for a long time




Microsoft said it has steadily worked over the past decade to deprecate RC4, but that the task wasn’t easy.

No salt, no iteration? Really?

“The issue though is that it’s hard to kill off a cryptographic algorithm that’s present in every OS that’s shipped for the last 25 years and was the default algorithm for so long,” Steve Syfuhs, who runs Microsoft’s Windows Authentication team, wrote on Bluesky. “See,” he continued, “the issue is just not that the algorithm exists. The issue is how the algorithm is chosen, and the foundations governing that spanned 20 years of code changes.”

Over those 20 years, developers discovered a raft of critical RC4 vulnerabilities that required “surgical” fixes. Microsoft considered deprecating RC4 by this year, but ultimately “punted” after discovering vulnerabilities that required still more fixes. During that time Microsoft introduced some “minor improvements” that favored the use of AES, and as a result, usage dropped by “orders of magnitude.”

“Inside a year we had observed RC4 usage drop to principally nil. This is just not a nasty thing and in reality gave us so much more flexibility to kill it outright because we knew it genuinely wasn’t going to interrupt folks, because folks weren’t using it.”

Syfuhs went on to document additional challenges Microsoft encountered and the approach it took to solving them.

While RC4 has known cipher weaknesses that make it insecure, Kerberoasting exploits a separate weakness. As implemented in Active Directory authentication, it uses no cryptographic salt and a single round of the MD4 hashing function. Salt is a technique that adds random input to each password before it’s hashed. That requires hackers to invest considerable time and resources into cracking the hash. MD4, meanwhile, is a fast algorithm that requires modest resources. Microsoft’s implementation of AES-SHA1 is much slower and iterates the hash to further slow down cracking efforts. Taken together, AES-SHA1-hashed passwords require about 1,000 times the time and resources to be cracked.

Windows admins would do well to audit their networks for any usage of RC4. Given its wide adoption and continued use industry-wide, it may still be active, much to the surprise and chagrin of those charged with defending against hackers.
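One way to run such an audit, as an added example that is not from the article or from Microsoft: scan exported domain-controller Security events 4768 and 4769 for tickets whose `TicketEncryptionType` is an RC4 value (0x17 or 0x18) and count them per service account. It assumes the events were exported as XML under a single root element; the account names, addresses and the helper `_event` are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Kerberos etype numbers as logged in TicketEncryptionType
# (Security events 4768 = TGT issued, 4769 = service ticket issued).
ETYPES = {0x11: "AES128-SHA1", 0x12: "AES256-SHA1", 0x17: "RC4-HMAC", 0x18: "RC4-HMAC-EXP"}
RC4 = {0x17, 0x18}

def _event(event_id, user, service, etype, ip):
    """Build one constructed event, trimmed to the fields this audit reads."""
    fields = {"TargetUserName": user, "ServiceName": service,
              "TicketEncryptionType": etype, "IpAddress": ip}
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
            f'<EventData>{data}</EventData></Event>')

# Constructed sample data, not real logs. 0xFFFFFFFF marks a failed request.
SAMPLE = "<Events>" + "".join([
    _event(4769, "alice@CORP.EXAMPLE", "svc-sql", "0x17", "::ffff:10.0.0.21"),
    _event(4769, "bob@CORP.EXAMPLE", "svc-web", "0x12", "::ffff:10.0.0.22"),
    _event(4769, "carol@CORP.EXAMPLE", "svc-sql", "0x17", "::ffff:10.0.0.23"),
    _event(4768, "dave", "krbtgt", "0x12", "::ffff:10.0.0.24"),
    _event(4769, "erin@CORP.EXAMPLE", "svc-old", "0xFFFFFFFF", "::ffff:10.0.0.25"),
]) + "</Events>"

def rc4_tickets(xml_text):
    """Return one record per 4768/4769 event whose ticket used an RC4 etype."""
    hits = []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        event_id = ev.findtext("e:System/e:EventID", namespaces=NS)
        if event_id not in ("4768", "4769"):
            continue
        data = {d.get("Name"): d.text or "" for d in ev.iterfind("e:EventData/e:Data", NS)}
        try:
            etype = int(data.get("TicketEncryptionType", ""), 16)
        except ValueError:
            continue  # field missing or malformed: nothing to classify
        if etype in RC4:
            hits.append({"event_id": int(event_id), "user": data.get("TargetUserName"),
                         "service": data.get("ServiceName"), "etype": ETYPES[etype],
                         "client": data.get("IpAddress")})
    return hits

def rc4_by_service(hits):
    """Count RC4 tickets per service account to prioritise remediation."""
    return Counter(h["service"] for h in hits)

if __name__ == "__main__":
    for service, n in rc4_by_service(rc4_tickets(SAMPLE)).most_common():
        print(f"{service}: {n} RC4-encrypted ticket(s)")
```

Service accounts that appear in the output are the ones still being issued RC4 tickets and are the candidates for moving to AES.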


