Microsoft will kill obsolete cipher that has wreaked decades of havoc

There are so many problems with this article and the previous one it references (How weak passwords and other failings led to catastrophic breach of Ascension).

Specifically, RC4 is a stream cipher. Yet, much of the discussion is around the weakness of NTLM, and NTLM password hashes which use MD4, a hash algorithm. The discussion around offline cracking of NTLM hashes being very fast is correct.

More importantly though, the weakness of NTLM comes from a design of the protocol, not a weakness with MD4. Yes MD4 is weak, but the flaws in NTLM don't stem specifically from MD4.

Dan Goodin's reporting is usually of high quality but he didn't understand the cryptography or the protocols here, and clearly the people he spoke to didn't help him to understand.

EDIT: let me be more clear here. MS is removing RC4 from Kerberos, which is a good thing. But the article seems to confuse various NTLM authentication weaknesses and past hacks with RC4 in Kerberos.

Reasonable! Anyone who cares about AD security has been AES-only for at least a year now, and most likely much longer, and it's not like these mitigations are especially hard, unless you're still running some seriously obsolete software.

"RC4, short for Rivist Cipher 4". No, "Ron's Code 4".

And the default will now be AES-SHA1, where SHA-1 is to be deprecate by NIST in 2030. (https://www.nist.gov/news-events/news/2022/12/nist-retires-s...)

Source: https://www.microsoft.com/en-us/windows-server/blog/2025/12/...