Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Drops Aging Encryption Schemes

Posted by Zonk on from the updating-their-friends-list dept.

christchurch wrote to mention an Eweek column about Microsoft's decision to stop using DES, MD4, and MD5 for encryption in Vista. From the article: "All three algorithms show signs of 'extreme weakness' and have been banned, Howard said. Microsoft is recommending using the Secure Hash Algorithm (SHA)256 encryption algorithm and AES (Advanced Encryption Standard) cipher instead, he said. The change is part of a semi-yearly update to Microsoft's Secure Development Lifecycle policies by engineers within Microsoft's Security Business & Technology Unit."

12 of 199 comments (clear)

  1. ROT13 by Anonymous Coward · · Score: 5, Funny

    Presumably they haven't banned ROT13 then.

    1. Re:ROT13 by wertarbyte · · Score: 4, Funny

      Funny enough, IIRC Outlook Express is still not able to encrypt messages with ROT13. It just has the ability to decode them.

      --
      Life is just nature's way of keeping meat fresh.
  2. Teamwork by Ruie · · Score: 2, Funny
    The change is part of a semi-yearly update to Microsoft's Secure Development Lifecycle policies by engineers within Microsoft's Security Business & Technology Unit

    As opposed to the quarterly update by managers ?

  3. affects hardware upgrade cycles? by qwertphobia · · Score: 2, Funny

    Great... yet another reason to upgrade hardware when planning for a Vista install.

    Gotta add more cycles to the those brute-force attack teams!

    --
    Never ask for directions from a two-headed tourist! -Big Bird
  4. Automated checking by LiquidCoooled · · Score: 5, Funny

    Developers who use one of the banned cryptographic functions in new code will have it flagged by automated code scanning tools and will be asked to update the function to something more secure, Howard said.

    C:\ > make windows.vista
    ERROR: Insecure code found.
    Please upgrade code to Linux.

    --
    liqbase :: faster than paper
  5. The real reason... by bigtallmofo · · Score: 4, Funny

    DES, MD4, MD5 and, in some cases, the SHA1 encryption algorithm, which are "way too complicated to understand," said Michael Howard, senior security program manager at the company. "Instead, our R&D lab is doing great things with sophisticated XOR encryption that should be enough security for just about anyone."

    --
    I'm a big tall mofo.
  6. improving encryption by myukew · · Score: 4, Funny

    this post is rot13 encrypted. twice. to improve security.

    --
    See pictures of tits
  7. Alte4rnative encyrption schemes available.. by Rob+T+Firefly · · Score: 5, Funny

    Microsoft has promised additional encryption schemes for power users, including ig-pay atin-lay, leaving out every third word, and Navajo code talkers.

    --
    Slashdot Burying Stories About Slashdot Media Owned
    1. Re:Alte4rnative encyrption schemes available.. by Rob+T+Firefly · · Score: 2, Funny

      Not yet, I'm currently devoting all my clock cycles to elderly Italian relatives' hand signals.

      --
      Slashdot Burying Stories About Slashdot Media Owned
  8. In other words... by Jugalator · · Score: 1, Funny
    Microsoft Drops Aging Encryption Schemes

    In other words, Microsoft Drops AES?
    Man, I'm so confused now. :-p

    ...

    OK, you can stop throwing /tomatoe?s/ now.

    --
    Beware: In C++, your friends can see your privates!
  9. Translate to Devspeak by boatboy · · Score: 2, Funny

    The article is in plain English. I haven't seen it on MSDN yet, but I imagine this is the gist in developer-speak:

    Microsoft will be marking the DES, MD4, MD5 and SHA1 encryption provider classes obselete in upcoming versions of the .NET framework. While not completely insecure, these algorithms have documented vulnerabilities which mean they can be cracked or exploited in certain scenarios. FxCop will warn you when it finds these classes in use, and provide a suggested fix. Typically, this will simply envolve switching the provider you are using with the more secure SHA256 or AES providers.

  10. Re:HTTP Digest by multipartmixed · · Score: 2, Funny

    (Putting on pointy-hair wig)

    MD5 is deprecated, but every web server still supports basic authentication, which uses Base64. Hmm.

    64 is much bigger than 5, so it must be better.

    Yup. No more digest authentication, only basic will be supported! Another security problem averted; quick: call the press!

    --

    Do daemons dream of electric sleep()?