Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Drops Aging Encryption Schemes

Posted by Zonk on from the updating-their-friends-list dept.

christchurch wrote to mention an Eweek column about Microsoft's decision to stop using DES, MD4, and MD5 for encryption in Vista. From the article: "All three algorithms show signs of 'extreme weakness' and have been banned, Howard said. Microsoft is recommending using the Secure Hash Algorithm (SHA)256 encryption algorithm and AES (Advanced Encryption Standard) cipher instead, he said. The change is part of a semi-yearly update to Microsoft's Secure Development Lifecycle policies by engineers within Microsoft's Security Business & Technology Unit."

7 of 199 comments (clear)

  1. is MD4/5 really encryption ? by Anonymous Coward · · Score: 5, Insightful


    i thought they where just one way hashing algos

  2. one down, one to go by cryptoz · · Score: 5, Insightful

    Even if Vista and related products use higher encryption, Windows' obsessive temp file creation, along with swap files, seems to minimize the effect that using encryption has, right?

    I mean, sure, it'll be much harder to brute force any MS encryption now, but did people do it that way before? Weren't there always other workarounds that will still be present?

    1. Re:one down, one to go by RealityMogul · · Score: 4, Insightful

      I wonder if they're still going to support the LANMAN hashes in Vista. Nothing is quite as smart as storing the easily cracked hash right next to the more secure one.

    2. Re:one down, one to go by Fahrenheit+450 · · Score: 4, Insightful

      I was going to mod you Overrated, but I decided to post instead.

      This is not about buzzword compliance. The three algorithms that they are banning should have been done away with years ago. DES has been fairly easily crackable via burute force for nearly a decade now, and MD4 has had issues for just about as long. And now that collisions can be found for MD4 essentially by hand, it shouldn't be used for anything of any importance.

      Hell, even NIST is recommending that people start figuring out ways to phase out their use of SHA-1, which is still practically secure, but starting to show cracks. And if there ever was an orginization free of buzzwords, it's NIST (I dare you to read some of their FIPS documents without passing out).

      This is a good move that nedeed to be done. It's a step in the right direction -- now they need to get on with shoring up the other holes in their codebase.

      --
      -30-
  3. Re:The real reason... by scruffy · · Score: 4, Insightful

    In addition, Microsoft doesn't hold any patents on those algorithms, and they have open specifications.

  4. Re:I'm not sure but.... by leuk_he · · Score: 5, Insightful

    Yep, what means you have to upgrade to an supported OS to be able to connect vista? Since win2000 is not supoorted they won't be upgraded and they cannot connect to vista.

    Upgrade in the name of security!

    Of you can go deep down in vista and enable an option for OLD/depreciated NTLM supported, giving you much popups about that your OS not being safe WARNIGN WARNING WARNING.!

  5. Re:AES & SHA256 are young by Thuktun · · Score: 4, Insightful

    There's already a crack for AES.. check the archives.

    I wouldn't call it a crack, more of a theoretical vulnerability. When the attack's complexity exceeds the number of atoms in the universe, it doesn't seem much like a "crack".