Slashdot Mirror


Microsoft Drops Aging Encryption Schemes

christchurch wrote to mention an Eweek column about Microsoft's decision to stop using DES, MD4, and MD5 for encryption in Vista. From the article: "All three algorithms show signs of 'extreme weakness' and have been banned, Howard said. Microsoft is recommending using the Secure Hash Algorithm (SHA)256 encryption algorithm and AES (Advanced Encryption Standard) cipher instead, he said. The change is part of a semi-yearly update to Microsoft's Secure Development Lifecycle policies by engineers within Microsoft's Security Business & Technology Unit."


  1. ROT13 by Anonymous Coward · Score: 5, Funny

    Presumably they haven't banned ROT13 then.

    1. Re:ROT13 by wertarbyte · Score: 4, Funny

      Funny enough, IIRC Outlook Express is still not able to encrypt messages with ROT13. It just has the ability to decode them.

      --
      Life is just nature's way of keeping meat fresh.
  2. Automated checking by LiquidCoooled · Score: 5, Funny

    Developers who use one of the banned cryptographic functions in new code will have it flagged by automated code scanning tools and will be asked to update the function to something more secure, Howard said.

    C:\ > make windows.vista
    ERROR: Insecure code found.
    Please upgrade code to Linux.

    --
    liqbase :: faster than paper
  3. The real reason... by bigtallmofo · Score: 4, Funny

    DES, MD4, MD5 and, in some cases, the SHA1 encryption algorithm, which are "way too complicated to understand," said Michael Howard, senior security program manager at the company. "Instead, our R&D lab is doing great things with sophisticated XOR encryption that should be enough security for just about anyone."

    --
    I'm a big tall mofo.
  4. improving encryption by myukew · Score: 4, Funny

    this post is rot13 encrypted. twice. to improve security.

  5. Alternative encryption schemes available.. by Rob T Firefly · Score: 5, Funny

    Microsoft has promised additional encryption schemes for power users, including ig-pay atin-lay, leaving out every third word, and Navajo code talkers.