Slashdot Mirror


Microsoft Drops Aging Encryption Schemes

christchurch wrote to mention an Eweek column about Microsoft's decision to stop using DES, MD4, and MD5 for encryption in Vista. From the article: "All three algorithms show signs of 'extreme weakness' and have been banned, Howard said. Microsoft is recommending using the Secure Hash Algorithm (SHA)256 encryption algorithm and AES (Advanced Encryption Standard) cipher instead, he said. The change is part of a semi-yearly update to Microsoft's Secure Development Lifecycle policies by engineers within Microsoft's Security Business & Technology Unit."

17 of 199 comments

  1. is MD4/5 really encryption ? by Anonymous Coward · · Score: 5, Insightful

    I thought they were just one-way hashing algos

    1. Re:is MD4/5 really encryption ? by owlstead · · Score: 2, Insightful

      The parent had things completely right for RSA. You are trying to put things out of context.

      You would not use RSA & private key encryption for message authenticity. But that's something different.

      Besides that, almost any cryptographic algorithm depends on a specific scheme or protocol (padding/hashing etc.) to protect against cryptanalysis. Nowhere is it said that the parent of your post was referring to "plain-vanilla" RSA either. That's like saying that if you talk about AES, you are being foolish, since you have to use CBC instead of ECB to be secure. Yeah, well, duh!

  2. one down, one to go by cryptoz · · Score: 5, Insightful

    Even if Vista and related products use higher encryption, Windows' obsessive temp file creation, along with swap files, seems to minimize the effect that using encryption has, right?

    I mean, sure, it'll be much harder to brute force any MS encryption now, but did people do it that way before? Weren't there always other workarounds that will still be present?

    1. Re:one down, one to go by KiloByte · · Score: 2, Insightful

      This change has nothing to do with security.
      It's all about buzzword-compliancy. It's managers who decide on a company's spending; the managers read overhyped news about "SHA1 getting broken" while the only thing the recent papers provided was a very expensive method to brute-force a hash collision -- *any* collision, not a message that matches a given hash. In the managers' minds, those encryption algorithms are worthless now -- and it's a very well-known fact that managers never accept being corrected by those who know better.

      This policy is just like getting a million dollar certified oxygen tank and then securing it with a clothesline peg. Who cares that the end result is flaky, if you can claim that you used the best tank available!?

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    2. Re:one down, one to go by RealityMogul · · Score: 4, Insightful

      I wonder if they're still going to support the LANMAN hashes in Vista. Nothing is quite as smart as storing the easily cracked hash right next to the more secure one.

    3. Re:one down, one to go by amodm · · Score: 2, Insightful

      While I agree with your "securing a million dollar tank with a clothesline peg" statement, the actual discard of the older algos might make a lot of sense from a decision-making perspective.

      This is going to be a major (debatable) release for Microsoft after a long long time. Typically the time gap between major releases is huge for Microsoft. In this time gap, all kinds of new attacks against crypto algos are discovered (http://it.slashdot.org/article.pl?sid=05/08/18/2247245&tid=93&tid=172).

      If they don't drop the old algos, they are basically promising support for them for that major gap of time, in which it can become quite vulnerable. By choosing the latest (plus highly verified the world over) algos, they are at least trying to be in a safe position (which of course can be compromised by other ways, but that's not the point I'm making here).

      From a management perspective, it makes good sense to discard the old algos.

    4. Re:one down, one to go by Fahrenheit+450 · · Score: 4, Insightful

      I was going to mod you Overrated, but I decided to post instead.

      This is not about buzzword compliance. The three algorithms that they are banning should have been done away with years ago. DES has been fairly easily crackable via brute force for nearly a decade now, and MD4 has had issues for just about as long. And now that collisions can be found for MD4 essentially by hand, it shouldn't be used for anything of any importance.

      Hell, even NIST is recommending that people start figuring out ways to phase out their use of SHA-1, which is still practically secure, but starting to show cracks. And if there ever was an organization free of buzzwords, it's NIST (I dare you to read some of their FIPS documents without passing out).

      This is a good move that needed to be done. It's a step in the right direction -- now they need to get on with shoring up the other holes in their codebase.

      --
      -30-
  3. Comment removed by account_deleted · · Score: 2, Insightful

    Comment removed based on user account deletion

  4. So LM hashes are out! Yay! by Anonymous Coward · · Score: 3, Insightful

    If this is true then LM hashes, which use DES, are on their way out finally. It's going to break some backwards compatibility, but it will go a long way in fixing some of the most obvious privilege escalation problems (http://www.antsight.com/zsl/rainbowcrack/).

  5. Re:The real reason... by scruffy · · Score: 4, Insightful

    In addition, Microsoft doesn't hold any patents on those algorithms, and they have open specifications.

  6. Re:I'm not sure but.... by leuk_he · · Score: 5, Insightful

    Yep, which means you have to upgrade to a supported OS to be able to connect to Vista? Since Win2000 is not supported they won't be upgraded and they cannot connect to Vista.

    Upgrade in the name of security!

    Or you can go deep down in Vista and enable an option for OLD/deprecated NTLM support, giving you many popups about your OS not being safe WARNING WARNING WARNING!

  7. HAHAHAHAHA!!! by Anonymous Coward · · Score: 0, Insightful

    Oh MAN! Double ROT13!!! That's like...no encryption at all, so there would be no point in using it! But you humourously suggested that it would be secure which is SO HILARIOUS - that's one gag I've never seen before on Slashdot, ever. Quite incredible. Sir, I salute you.

  8. Will this help the security of Vista? by hritcu · · Score: 2, Insightful

    Well ... I know that these cryptography standards are beginning to be dated, and it is very likely that we will see more successful brute force attacks on them in the following years. However, I wonder if changing them will have a noticeable positive effect on the security of Vista. How many of the many exploitable holes in Windows XP are due to bad cryptography, and how many are due to bad design and policies?

    --
    If you don't fail at least 90 percent of the time, you're not aiming high enough. (Alan Kay)
  9. Re:AES & SHA256 are young by Thuktun · · Score: 4, Insightful

    There's already a crack for AES.. check the archives.

    I wouldn't call it a crack, more of a theoretical vulnerability. When the attack's complexity exceeds the number of atoms in the universe, it doesn't seem much like a "crack".

  10. So what's wrong with these? by Anonymous Coward · · Score: 2, Insightful

    I checked and it looks like MD5 has the same problems any hashing function would. Namely that you can't take infinity and squeeze it into a jar of fixnum bytes without more than one number between 0 and infinity resulting in the same value for F.
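
Added example, not written by any of the posters above: it illustrates the distinction KiloByte draws in comment 2.1 between finding *any* collision and finding a message that matches a *given* hash, and the pigeonhole point made in comment 10, by running both searches against a deliberately truncated MD5. The `bits` parameter, the `msg-N`/`forged-N` candidates and the sample target message are constructed for this illustration only.

```python
import hashlib
from itertools import count

def truncated_hash(data: bytes, bits: int) -> int:
    # Toy hash: the first `bits` bits of MD5, so brute-force search finishes in
    # milliseconds. Real digests are 128-256 bits; the ratio of costs is the point.
    digest = hashlib.md5(data).digest()
    return int.from_bytes(digest, "big") >> (128 - bits)

def find_any_collision(bits: int):
    # Birthday search: remember every hash seen until one repeats. Any pair of
    # distinct inputs with equal hash wins; expected cost is about 2**(bits/2).
    seen = {}
    for i in count(1):
        m = b"msg-%d" % i
        h = truncated_hash(m, bits)
        if h in seen:
            return seen[h], m, i   # (m1, m2, attempts)
        seen[h] = m

def find_second_preimage(target: bytes, bits: int):
    # Match the hash of one *given* message. No birthday shortcut applies: each
    # candidate succeeds with probability 2**-bits, so expected cost is about 2**bits.
    want = truncated_hash(target, bits)
    for i in count(1):
        m = b"forged-%d" % i
        if m != target and truncated_hash(m, bits) == want:
            return m, i            # (m2, attempts)

def compare_costs(bits: int = 16):
    # Run both searches on the same toy hash and return their attempt counts.
    target = b"Pay 100 to Alice"   # constructed sample message
    m1, m2, c_tries = find_any_collision(bits)
    assert m1 != m2 and truncated_hash(m1, bits) == truncated_hash(m2, bits)
    forged, p_tries = find_second_preimage(target, bits)
    assert truncated_hash(forged, bits) == truncated_hash(target, bits)
    return c_tries, p_tries

if __name__ == "__main__":
    c, p = compare_costs(16)
    print(f"any collision: {c} tries; second preimage of a fixed message: {p} tries")
```

Collisions are guaranteed to exist by the pigeonhole argument and, at the birthday bound, cheap to find; hitting one specific digest costs roughly the square of that, which is why "a collision was found" and "a given hash can be forged" are different claims.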

  11. Re:Automated checking by jmulvey · · Score: 3, Insightful

    I totally agree. Compare Microsoft's reaction to security problems with what has happened in the *nix world with NFS and NIS.

    NIS is the biggest, steamiest pile of insecurity ever conceived... and NFS is built right on top of it. But nobody ever screams and yells on Slashdot about how insecure it is... I guess because it was developed by people who didn't work for the "evil empire".

  12. I hope They Fix .Net Then by szyzyg · · Score: 2, Insightful

    Right now you can generate SHA256 hashes, but you can't sign anything using SHA256 because it's not supported. Mono of course handles this without any problem.