Microsoft Warns Customers Away From RC4 and SHA-1

Trailrunner7 writes "The RC4 and SHA-1 algorithms have taken a lot of hits in recent years, with new attacks popping up on a regular basis. Many security experts and cryptographers have been recommending that vendors begin phasing the two out, and Microsoft on Tuesday said it is now recommending to developers that they deprecate RC4 and stop using the SHA-1 hash algorithm. RC4 is among the older stream cipher suites in use today, and there have been a number of practical attacks against it, including plaintext-recovery attacks. The improvements in computing power have made many of these attacks more feasible for attackers, and so Microsoft is telling developers to drop RC4 from their applications. The company also said that as of January 2016 it will no longer will validate any code signing or root certificate that uses SHA-1."

Pay no attention to the man behind the Back Door..

[icebike]

Why in gods name would a company that backdoored their entire crypto stack to the NSA worry that
some crypto code is weak?

Re:SHA1? insecure?

[Shimbo]

So why warn away from SHA1 NOW?

If developers are using it today, then you will be next year, and the year after, when attack are more feasible.

what are we going to use?

I'm not a cryptography expert but if SHA-1 is too weak, and SHA-3 not quite there yet, why not SHA-2?

Re:SHA1? insecure?

Specifically the 2nd SHA family are usually called SHA-224, SHA-256, SHA-384, and SHA-512

Re:The time has come the walrus said...

[fatphil]

Just plain wrong.

In the field of cryptography, the term "broken" is used whenever the work factor to crack is less than that of a brute force attack. Stevens' 2^61 collision attack against SHA1 means that SHA1 is broken.