[OT] Micro$oft versus security

Rob D. 162144 at gmail.com
Wed Sep 21 23:47:34 PDT 2005


walt wrote:
I just got this item from SANS, and I still can't quite believe
what my eyes are seeing:
==============================================
  --Microsoft Bans Weak Crypto in New Code
(15 September 2005)
A new policy at Microsoft bans developers from using functions using the
DES, MD4, MD5 and in some cases the SHA1 encryption algorithms in their
code because increasingly sophisticated cyber attacks are threatening
the security of these algorithms.  Microsoft recommends the use of the
(Secure Hash Algorithm) SHA256 encryption algorithm and (Advanced
Encryption Standard) AES cipher.  The decision comes as part of
Microsoft's twice-a-year update to its Secure Development Lifecycle
policies.  The company also hopes eventually to remove the vulnerable
encryption from older code.
http://www.eweek.com/print_article2/0,1217,a=160307,00.asp
[Editor's Note (Schultz): Microsoft deserves a proverbial round of
applause for its decision concerning use of cryptography in its
products.
(Schneier): This will improve potential security for their products at
the cost of backwards compatibility -- I call that a good trade-off.]
===============================================
I have Schneier's second edition of Applied Cryptography (which is
where I learned what little I know about the subject) and he does a
good imitation of someone who really knows the subject.
I can cite decades of bad (or ridiculous) decisions by M$ concerning
anything to do with security -- but seeing Schneier's name attached to
this article makes me wonder if things have changed...
Anyone here agree that MD5 and SHA1 are 'weak' crypto?  Any other
thoughts about the subject?


http://www.cits.rub.de/MD5Collisions/

To many crypto/authentication algorithms, if two files (or messages)
have the same hash and same size, then they're identical.
I think the general consensus in the crypto community is that MD5 and
SHA-1 shouldn't be used in any new designs, especially considering that
stronger (and longer) hash algorithms already exist.  If the
researchers keep cracking away at MD5, schemes that already use it might
have to be outright replaced, if that's not already the case.
I wish I were more of an expert on this, and apologies to the crypto
community if I've misrepresented their views.
--
Rob D.
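An added illustration (not part of the post above, nor the SANS item) of why the "same size plus same hash means identical" shortcut only holds while the hash is collision resistant. Truncating MD5 to a few bytes is a constructed stand-in for a weak hash so a birthday search finds a collision in seconds; the real MD5 attacks at the link above break the full 128-bit digest by cryptanalysis, not brute force.

```python
import hashlib
import os

# Truncation is a constructed stand-in for a weak hash: it lets a plain
# birthday search find a collision quickly. Real MD5 collisions are found by
# cryptanalysis against the full digest, which this script does not attempt.


def digest(data, algo, trunc_bytes=None):
    """Return the digest of data under algo, optionally cut to trunc_bytes."""
    d = hashlib.new(algo, data).digest()
    return d[:trunc_bytes] if trunc_bytes else d


def looks_identical(a, b, algo, trunc_bytes=None):
    """The shortcut from the post: same length and same digest => 'identical'."""
    return len(a) == len(b) and digest(a, algo, trunc_bytes) == digest(b, algo, trunc_bytes)


def find_collision(algo, trunc_bytes, length=16):
    """Birthday search: draw random messages of one fixed length until two
    share a (truncated) digest. Expected work is on the order of
    2**(4 * trunc_bytes) hashes, so 3 bytes needs a few thousand tries."""
    seen = {}
    while True:
        m = os.urandom(length)
        h = digest(m, algo, trunc_bytes)
        if h in seen and seen[h] != m:
            return seen[h], m
        seen[h] = m


def demo():
    """Two different messages that fool the shortcut under the weakened hash
    but are told apart by an unbroken full-width hash (SHA-256)."""
    a, b = find_collision("md5", 3)
    fooled = looks_identical(a, b, "md5", 3)    # True: same size, same digest
    caught = looks_identical(a, b, "sha256")    # False: SHA-256 separates them
    return a != b, fooled, caught


if __name__ == "__main__":
    print(demo())  # (True, True, False)
```

The lesson is the one the thread is circling: a scheme whose correctness rests on "equal digests imply equal inputs" inherits every collision weakness of the hash it picks, which is why MD5 and SHA-1 are ruled out for new designs.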