Microsoft Drops Aging Encryption Schemes
christchurch wrote to mention an Eweek column about Microsoft's decision to stop using DES, MD4, and MD5 for encryption in Vista. From the article: "All three algorithms show signs of 'extreme weakness' and have been banned, Howard said. Microsoft is recommending using the Secure Hash Algorithm (SHA)256 encryption algorithm and AES (Advanced Encryption Standard) cipher instead, he said. The change is part of a semi-yearly update to Microsoft's Secure Development Lifecycle policies by engineers within Microsoft's Security Business & Technology Unit."
With the power of today's computers, twice just isn't enough.
You'll need to use at least rot13 x 1024k to be really secure.
I agree totally, many grey/black hats are exploring MS code for holes to exploit, and when identified they either start to be exploited, or they go into a closed backroom session to try and fix them privately (makes sense really). The only trouble with this is the time it takes to actually produce a fix. I think it's improving, and MS appears to be "getting it" a lot more recently.
Open Source does not magically solve every problem, but where it shines above closed systems is when a hole is identified, it can be looked on and picked over and solved much quicker than a closed source product.
However, I personally think Firefox has this wrong at present, whereby identified bug discussions can be censored. It could lead to a backlash of sorts if the fixes are buried for a long time.
liqbase
Come on, we all know that we should be using at least 2ROT13[warning:pdf] by now.