Microsoft ending support for RC4 cipher in early 2016

Microsoft has announced that it is ending support for the RC4 cipher in both Internet Explorer 11 and Edge. The change will take effect in early 2016, after which RC4 will no longer be used in TLS fallback negotiations.

Microsoft is ditching the RC4 cipher because, according to the industry at large, it is no longer cryptographically secure. The announcement falls in line with similar statements from Mozilla and Google, as both companies have ended support for the RC4 cipher in Firefox and Chrome, respectively.


At the moment, it is not clear what Microsoft intends to use in place of the RC4 cipher, but we’re guessing the company has something in mind, since it wouldn’t get rid of it outright without a plan for the future.

What is RC4 cipher?

It is a stream cipher that first came to prominence back in 1987, and since then, it has been used by almost all web browsers and many online services.

The age of RC4 cipher is probably the defining factor in why it is no longer secure enough. From what we’ve come to understand, attackers can take days, if not hours, to break RC4. Once attackers are in, they will have access to plaintext files among other things.

Will the move from RC4 cipher affect me?

Microsoft says the percentage of websites that support RC4 at this point is small and shrinking. However, the software giant did not specify how small, or at what rate support is shrinking.

This should mean that only a small number of users on the web may come across issues, while the majority are not expected to even realize that RC4 is no longer in use.

Vamien McKalin possesses the awesome power of walking on water like a boss. He's also a person who enjoys writing about technology, comics, video games, and anything related to the geek world.

One Comment

  1. Dan

    It’s a good step that one of the most-used browsers won’t support RC4, and hopefully IE/Edge will go further and not support less than TLS 1.2…secure sites need such industry impetus to upgrade. The other year many USA banks went back to RC4 in reaction to BEAST attacks re 256 AES at the time; one my wife uses has been found to have now gone from RC4 to RSA 2048 bit (extended)…which doesn’t support TLS 1.2 or forward secrecy, leaving it open to more attacks than just BEAST, and supports weak D-H parameters so a hacker can downgrade banking encryption. BTW, IE to me appears to also be the only browser reliably not supporting weak D-H (sometimes FF, Opera do but depending on version). Cheers!
