Microsoft Will Finally Kill an Encryption Cipher That Enabled a Decade of Windows Hacks

Microsoft is killing off an obsolete and vulnerable encryption cipher that Windows has supported by default for 26 years. This follows more than a decade of devastating hacks that exploited it and recent blistering criticism from a prominent US senator.

When the software maker rolled out Active Directory in 2000, it made RC4 a sole means of securing the Windows component, which administrators use to configure and provision fellow administrator and user accounts inside large organizations. RC4, short for Rivist Cipher 4, is a nod to mathematician and cryptographer Ron Rivest of RSA Security, who developed the stream cipher in 1987. Within days of the trade-secret-protected algorithm being leaked in 1994, a researcher demonstrated a cryptographic attack that significantly weakened the security it had been believed to provide. Despite the known susceptibility, RC4 remained a staple in encryption protocols, including SSL and its successor TLS, until about a decade ago ...