Security Stop Press : Microsoft’s RSA Key Policy Change

Microsoft is making a security-focused policy change that will see RSA keys with lengths shorter than 2048 bits deprecated. RSA keys are algorithms used for secure data encryption and decryption in digital communications, i.e. to encrypt data for secure communications over an enterprise network.

However, with RSA encryption keys becoming vulnerable to advancing cryptographic techniques (driven by advancements in compute power) the decision by Microsoft to depreciate them is being seen as a way to stop organisations from using what is now seen as a weaker method of authentication.

Also, the move by Microsoft will help bring the industry in line with recommendations from the internet standards and regulatory bodies who banned the use of 1024-bit keys in 2013 and recommended that RSA keys should have a key length of 2048 bits or longer.

An Apple Byte : Push Notification Policy Change

Following U.S. Senator Ron Wyden revealing that governments can secretly force Apple and Google to hand over the contents of push notifications sent to customers’ phones, Apple has said it’s changed its policy and will no longer do so without a valid judge’s order. This will be either a court order or a search warrant.

Push notifications are the pop-up messages that are sent to phones to alert users to new messages, news, and app-based updates. However, since these notifications are routed through Apple and Google servers, Apple and Google can disclose them to governments as part of surveillance about how people are using certain apps.

Apple’s policy change was made to a passage in its guidelines without an official statement although Google issued a statement saying it had always required judicial approval to hand over this kind of information.