Hey folks! I wanted to check in on how everyone's getting ready for the upcoming deprecation of RC4 in Kerberos authentication. This change is coming in a few phases with varying levels of risk. Have you run into any issues or gotchas while preparing for this transition?
5 Answers
If you haven't started phasing out RC4 yet, I'm a bit concerned. This has been a known recommendation since 2012. It's been on people's radars for ages, and it seems risky to leave it till now.
Just an interesting note: RC4 was still considered secure for a while, but it wasn't properly phased out of TLS until 2015, which shows it's been a long road.
Honestly, I'm swamped dealing with expiring UEFI Secure Boot certificates due by June. It's been a real headache, but I can't afford to neglect that even with RC4 changes looming.
Just a heads up, if you miss the June deadline, all systems will still boot, but they won't get future secure boot updates. So, keep that in mind!
Wow, feeling overwhelmed here! I don’t even know what RC4 is—I think I might need to retire my sysadmin card. Can someone explain it?
It's actually an encryption standard that's been considered insecure for a long time—over three decades, in fact.
Yeah, it was introduced in the 90s but has since been replaced by more secure algorithms like AES. You're not alone in this!
Make sure you're following Microsoft's guidelines and auditing for RC4 usage. There's a solid resource on it here: [Microsoft Guidance](https://learn.microsoft.com/en-us/windows-server/security/kerberos/detect-remediate-rc4-kerberos).
Just to clarify, make sure you're looking at the right protocol scope (it’s Kerberos, not HTTP). Don't want any confusion!
We don’t actively use RC4, but if we do, we weren’t aware. If things go haywire, it’s not on us—our team is just too small to manage it all.
I feel you! I want a shirt that says this. It's so relatable!
Sounds like you might be in a tough spot. Maybe your security team should step in and manage these updates better.

Totally! RC4 has been under scrutiny since the mid-90s. It's about time people move on from this.