Slashdot Mirror


Microsoft Drops Aging Encryption Schemes

christchurch wrote to mention an eWeek column about Microsoft's decision to stop using DES, MD4, and MD5 for encryption in Vista. From the article: "All three algorithms show signs of 'extreme weakness' and have been banned, Howard said. Microsoft is recommending using the Secure Hash Algorithm (SHA)256 encryption algorithm and AES (Advanced Encryption Standard) cipher instead, he said. The change is part of a semi-yearly update to Microsoft's Secure Development Lifecycle policies by engineers within Microsoft's Security Business & Technology Unit."

1 of 199 comments

  1. In line with their usual policy... by relaxrelax · Score: 1, Flamebait

    In keeping with their usual policy...

    They haven't banned it until they were in the "extreme weakness" zone. Because the urgent, grave, critical, spam-zombie script kiddie friendly since last year, heavy, moderate, or obscure-but-total-system-compromised weakness categories aren't enough for them to fix it. And they only react to "extreme weakness" twice a year tsk tsk tsk...

    Sort of like the slammer virus fix not being part of their "hotfixes" service and delayed 6 months to be in a service pack, and a warning 2 weeks before the service pack to make sure evil doers get a head start they ignored 6 months before (due to too many other weaknesses easily used by the average script kiddy)...

    Since security is their big concern this time around (according to many press releases and ads), where does that leave all other aspects of the next Windows? How can it possibly get any worse?

    --
    Microsoft is pure dog-ma. FreeBSD is pure cat-ma.