Microsoft said that over the past decade it has continually worked to remove support for RC4, but the task has proven difficult.
No salt, no iteration? Really?
“The problem, however, is that it is difficult to get rid of the cryptographic algorithm that is present in every operating system released over the last 25 years and has been the default algorithm for so long,” said Steve Seifuchs, Microsoft's Windows Authentication group leader. wrote on Bluesky. “You see,” he continued, “the problem is not that the algorithm exists. The problem is how the algorithm is chosen, and the rules governing it, spanning 20 years of code changes.”
Over these two decades, developers discovered many critical RC4 vulnerabilities that required surgical fixes. Microsoft considered ending support for RC4 by this year, but ultimately “missed the mark” after discovering vulnerabilities that required even more patching. During this time, Microsoft introduced several “minor improvements” favoring the use of AES, and as a result its use dropped by “orders of magnitude.”
“Over the course of a year, we saw RC4 usage drop to almost zero. That's not a bad thing and actually gave us a lot more flexibility to phase it out completely because we knew it wouldn't really break people because people weren't using it.”
Seefuhs described additional challenges Microsoft faced and the approach it took to solve them.
While RC4 has known encryption flaws that make it insecure, Kerberoasting exploits a separate vulnerability. As implemented in Active Directory authentication, it does not use a cryptographic salt and uses one round of the MD4 hashing function. Salting is a method that adds random input to each password before hashing it. This requires hackers to spend significant time and resources cracking the hash. Meanwhile, MD4 is a fast algorithm that requires modest resources. Microsoft's implementation of AES-SHA1 is much slower and repeats the hash to further slow down cracking efforts. Taken together, AES-Sha1 hashed passwords require approximately 1000 times more time and resources to crack.
Windows administrators would do well to test their networks for RC4 usage. Given its widespread use and continued use throughout the industry, it may still be active, much to the surprise and chagrin of those tasked with protecting against hackers.
