On Tuesday, Microsoft announced the end-of-support of the RC4 cipher in Microsoft Edge and Internet Explorer 11. Starting in early 2016, the RC4 cipher will be disabled by default, writes David Walp, Microsoft Edge senior program manager.
“There is consensus across the industry that RC4 is no longer cryptographically secure,” Walp says. ““Our announcement aligns with today’s announcements from Google and Mozilla, who are ending support for RC4 in Chrome and Firefox.”
RC4 is a stream cipher that was first described in 1987, and has been widely supported across Web browsers and online services. “Modern attacks have demonstrated that RC4 can be broken within hours or days,” Walp writes.
“We expect that most users will not notice this change. The percentage of insecure Web services that support only RC4 is known to be small and shrinking.”
To learn more, visit the Microsoft Edge Dev Blog.
Microsoft News Center Staff