Slashdot Mirror


Microsoft Drops Aging Encryption Schemes

christchurch wrote to mention an Eweek column about Microsoft's decision to stop using DES, MD4, and MD5 for encryption in Vista. From the article: "All three algorithms show signs of 'extreme weakness' and have been banned, Howard said. Microsoft is recommending using the Secure Hash Algorithm (SHA)256 encryption algorithm and AES (Advanced Encryption Standard) cipher instead, he said. The change is part of a semi-yearly update to Microsoft's Secure Development Lifecycle policies by engineers within Microsoft's Security Business & Technology Unit."

11 of 199 comments

  1. ROT13 by Anonymous Coward · · Score: 5, Funny

    Presumably they haven't banned ROT13 then.

    1. Re:ROT13 by Anonymous Coward · · Score: 5, Interesting

      It wasn't banned for XP. Check out HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist to see for yourself.

  2. is MD4/5 really encryption ? by Anonymous Coward · · Score: 5, Insightful


    I thought they were just one-way hashing algos

    1. Re:is MD4/5 really encryption ? by iamplasma · · Score: 5, Informative

      Well, it is true that they're hashes, not encryption methods, but they can be used in a quasi-encryption manner. In particular, when it comes to hashing passwords to store an "encrypted" password, it is to a large extent the same as trying to break a known encrypted document where the key is the password. In fact, that's exactly how older unices store passwords, DES encrypting a blank document with the password as a key. So while it's true that MD5 isn't an encryption method, for the purposes of password authentication it is practically identical.

    2. Re:is MD4/5 really encryption ? by Anonymous Coward · · Score: 5, Informative

      "That doesn't sound right to me. The whole point of keypair encryption is that anyone with the public key can encrypt, but only the people with the private key can decrypt."

      Not quite.

      Whilst it is true that any data encrypted with a public key can be decrypted only with a private key, the converse is also true. Any data encrypted with a private key can be decrypted only with the public key. This means that whoever encrypted it must have had access to the private key and thus it gives confidence in where it originated.

      It does not provide any confidentiality - but it's not supposed to, it is supposed to provide Integrity and message origin authentication.

      This is the cornerstone of digital signatures.

  3. one down, one to go by cryptoz · · Score: 5, Insightful

    Even if Vista and related products use higher encryption, Windows' obsessive temp file creation, along with swap files, seems to minimize the effect that using encryption has, right?

    I mean, sure, it'll be much harder to brute force any MS encryption now, but did people do it that way before? Weren't there always other workarounds that will still be present?

  4. Automated checking by LiquidCoooled · · Score: 5, Funny

    Developers who use one of the banned cryptographic functions in new code will have it flagged by automated code scanning tools and will be asked to update the function to something more secure, Howard said.

    C:\ > make windows.vista
    ERROR: Insecure code found.
    Please upgrade code to Linux.

    --
    liqbase :: faster than paper
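
A scan of the kind the quoted article sentence describes, as an added example (not Microsoft's tool and not code from this thread). It flags the three banned algorithms named in the summary when they appear as CryptoAPI `CALG_*` or CNG `BCRYPT_*_ALGORITHM` identifiers outside comments; the rule set, function names and sample source are assumptions constructed for illustration.

```python
import re

# Algorithms the article lists as banned, with the replacement it recommends.
# Identifier spellings are the CryptoAPI CALG_* and CNG BCRYPT_*_ALGORITHM
# constants; the rule set is an assumption made for this example.
BANNED = {"MD4": "SHA-256", "MD5": "SHA-256", "DES": "AES"}
# \b keeps CALG_3DES and CALG_DESX from matching the DES rule.
PATTERN = re.compile(r"\b(?:CALG_(MD4|MD5|DES)|BCRYPT_(MD4|MD5|DES)_ALGORITHM)\b")

def strip_comments(line, in_block):
    """Drop C comments from one line; return (code, still_inside_block)."""
    out, i = [], 0
    while i < len(line):
        if in_block:
            end = line.find("*/", i)
            if end == -1:
                break
            i, in_block = end + 2, False
        elif line.startswith("//", i):
            break
        elif line.startswith("/*", i):
            i, in_block = i + 2, True
        else:
            out.append(line[i])
            i += 1
    return "".join(out), in_block

def scan(source):
    """Return (line_no, identifier, banned_alg, suggested_alg) per finding."""
    findings, in_block = [], False
    for no, line in enumerate(source.splitlines(), 1):
        code, in_block = strip_comments(line, in_block)
        for m in PATTERN.finditer(code):
            alg = m.group(1) or m.group(2)
            findings.append((no, m.group(0), alg, BANNED[alg]))
    return findings

# Constructed sample input, not taken from any real code base.
SAMPLE = "\n".join([
    "CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash);  // legacy checksum",
    "CryptDeriveKey(hProv, CALG_3DES, hHash, 0, &hKey);",
    "/* old path: CALG_DES",
    "   removed in review */",
    "BCryptOpenAlgorithmProvider(&hAlg, BCRYPT_MD4_ALGORITHM, NULL, 0);",
    "CryptCreateHash(hProv, CALG_SHA_256, 0, 0, &hHash);",
    "CryptGenKey(hProv, CALG_DES, CRYPT_EXPORTABLE, &hKey);",
])

if __name__ == "__main__":
    for no, ident, alg, fix in scan(SAMPLE):
        print(f"line {no}: {ident} uses banned {alg}; use {fix}")
```

The comment stripping does not parse string literals, so a `//` inside a quoted string truncates that line.
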
  5. I'm not sure but.... by amodm · · Score: 5, Interesting

    Wasn't NTLM slightly based on/uses DES? If that's the case, then does it mean that they are changing the algo used in SAM too?

    1. Re:I'm not sure but.... by leuk_he · · Score: 5, Insightful

      Yep, which means you have to upgrade to a supported OS to be able to connect to Vista? Since win2000 is not supported they won't be upgraded and they cannot connect to Vista.

      Upgrade in the name of security!

      Or you can go deep down in Vista and enable an option for OLD/deprecated NTLM support, giving you many popups about your OS not being safe WARNING WARNING WARNING!

  6. Alte4rnative encyrption schemes available.. by Rob+T+Firefly · · Score: 5, Funny

    Microsoft has promised additional encryption schemes for power users, including ig-pay atin-lay, leaving out every third word, and Navajo code talkers.

  7. Re:Allowed by US Gov? by swillden · · Score: 5, Informative

    I thought that there was a limit of encryption and everything above ...bits was banned from exporting

    That has changed. Back in the days of Windows NT 4, cryptographic algorithms were classified as munitions under ITAR. In the late 90s the law was changed, removing this classification. These days, there are still some export controls on crypto, but it's fairly easy to get a permit to export anything that uses a standard, well-known algorithm, pretty much independent of key size.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.