New evidence that that Microsoft really has hired somebody who knows an iota about security. According to reports, the company is not only going to use the arrival of Vista to clean up its act as regards encryption, but set a new industry benchmark in the area. Astonishing.
Microsoft and encryption indeed security generally say some havent always travelled well, thanks to the hodge-podge of olde-world schemes it uses today. Now according to sources it is calling time on the use of DES (used in a variety of encryption applications), and MD4 and MD5 (message digests used to authenticate whether data exchanges have been tampered with).
The interesting news is that the company is now unhappy with SHA-1 as well.
Weve already written on the theoretical pummelling meted out to SHA-1 in recent months, any it has been blogged a bit here too. But by issuing these recommendations on SHA-1, Microsoft is joining the debate and coming out firmly against the hash.
No matter that the attacks against SHA-1 are just paper ones, and Chinese paper tiger ones at that. A hash can withstand a certain amount of such invasion, but it is not going to stand up to a chance comment made by someone from the worlds most important software company.
Techworld readers might also recall the really daft issue that turned up in Word and Excel encryption last Winter. And all because the software used the geriatric hash function RS4. We surmise that this problem has now been fixed in recent updates of Office, though you usually have to watch very carefully to figure out that anything has actually happened.
It is always better to anticipate problems than constantly react to them in the way that governments are wont to.