DragonFly users List (threaded) for 2005-09
Re: [OT] Micro$oft versus security
For those, like me, who are not at ease with mathematics but still want
to have a practical understanding of the problem, I can only recommend
O'Reilly's "Secure Programming Cookbook for C and C++". Although I don't
code in C, it gave me a good insight into applied crypto and security.
Rob D. wrote:
I just got this item from SANS, and I still can't quite believe
what my eyes are seeing:
--Microsoft Bans Weak Crypto in New Code
(15 September 2005)
A new policy at Microsoft bans developers from using functions using the
DES, MD4, MD5 and in some cases the SHA1 encryption algorithms in their
code because increasingly sophisticated cyber attacks are threatening
the security of these algorithms. Microsoft recommends the use of the
(Secure Hash Algorithm) SHA256 encryption algorithm and (Advanced
Encryption Standard) AES cipher. The decision comes as part of
Microsoft's twice-a-year update to its Secure Development Lifecycle
policies. The company also hopes eventually to remove the vulnerable
encryption from older code.
[Editor's Note (Schultz): Microsoft deserves a proverbial round of
applause for its decision concerning use of cryptography in its
(Schneier): This will improve potential security for their products at
the cost of backwards compatibility -- I call that a good trade-off.]
I have Schneier's second edition of Applied Cryptography (which is
where I learned what little I know about the subject) and he does a
good imitation of someone who really knows the subject.
I can cite decades of bad (or ridiculous) decisions by M$ concerning
anything to do with security -- but seeing Schneier's name attached to
this article makes me wonder if things have changed...
Anyone here agree that MD5 and SHA1 are 'weak' crypto? Any other
thoughts about the subject?
To many crypto/authentication algorithms, if two files (or messages)
have the same hash and same size, then they're identical.
I think the general consensus in the crypto community is that MD5 and
SHA-1 shouldn't be used in any new designs, especially considering that
stronger (and longer) hash algorithms already exist. If the
researchers keep cracking away at MD5, schemes that already use it might
have to be outright replaced, if that's not already the case.
I wish I was more of an expert on this, and apologies to the crypto
community if I've misrepresented their views.
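The SANS item quoted above describes a policy that bans code from calling DES, MD4, MD5 and (in some cases) SHA-1 routines and steers developers to SHA-256 and AES. As an added illustration of how such a ban is enforced in practice (this is not code from the thread, from Microsoft, or from the SDL), the Python script below does two things: it scans source text for the real OpenSSL, Windows CryptoAPI and Python hashlib identifiers of the banned primitives and reports each hit with the replacement the article names, and it wraps hashlib so that a digest request for a banned algorithm is refused. The C and Python source it scans is constructed for the demonstration.

```python
"""Illustrative weak-crypto linter and digest policy wrapper (added example).

The identifier patterns below are real API names from OpenSSL, Windows
CryptoAPI and Python's hashlib; the policy itself mirrors the 2005 SANS item
(ban DES/MD4/MD5/SHA-1, recommend SHA-256/AES) and is otherwise an assumption.
"""
import hashlib
import re

# algorithm -> (identifier pattern, suggested replacement)
BANNED_PATTERNS = {
    "MD4": (r"\b(?:MD4(?:_Init|_Update|_Final)?|EVP_md4|CALG_MD4)\b",
            "SHA-256 (EVP_sha256, CALG_SHA_256, hashlib.sha256)"),
    "MD5": (r"\b(?:MD5(?:_Init|_Update|_Final)?|EVP_md5|CALG_MD5|hashlib\.md5)\b",
            "SHA-256 (EVP_sha256, CALG_SHA_256, hashlib.sha256)"),
    "SHA-1": (r"\b(?:SHA1(?:_Init|_Update|_Final)?|EVP_sha1|CALG_SHA1|hashlib\.sha1)\b",
              "SHA-256 (EVP_sha256, CALG_SHA_256, hashlib.sha256)"),
    "DES": (r"\b(?:DES_(?:ecb|ncbc|cbc|cfb|ofb)_encrypt"
            r"|DES_set_key(?:_checked|_unchecked)?|EVP_des_(?:cbc|ecb)|CALG_DES)\b",
            "AES (EVP_aes_256_cbc, CALG_AES_256)"),
}
_COMPILED = {alg: (re.compile(pat), fix) for alg, (pat, fix) in BANNED_PATTERNS.items()}


def find_weak_crypto(source: str):
    """Return (line_no, algorithm, identifier, replacement) for each banned call.

    Word boundaries keep constants such as MD5_DIGEST_LENGTH or DES_ENCRYPT
    from being flagged: only the hashing/encrypting entry points match.
    """
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for alg, (regex, fix) in _COMPILED.items():
            for match in regex.finditer(line):
                findings.append((line_no, alg, match.group(0), fix))
    return findings


# Digest names the policy refuses; normalised to lower case without dashes.
BANNED_DIGESTS = {"md4", "md5", "sha1"}


def compliant_digest(name: str, data: bytes) -> str:
    """Hash `data` with `name`, refusing algorithms the policy bans."""
    if name.lower().replace("-", "") in BANNED_DIGESTS:
        raise ValueError(f"{name} is banned by policy; use sha256 or stronger")
    return hashlib.new(name, data).hexdigest()


# Constructed sample: a few C lines using OpenSSL plus two Python lines.
SAMPLE_SOURCE = """#include <openssl/md5.h>
unsigned char md[MD5_DIGEST_LENGTH];
MD5_Init(&ctx);
SHA1(buf, len, out);
DES_ecb_encrypt(&in, &out, &ks, DES_ENCRYPT);
h = hashlib.sha256(data)
x = hashlib.md5(data).hexdigest()
"""

if __name__ == "__main__":
    for line_no, alg, ident, fix in find_weak_crypto(SAMPLE_SOURCE):
        print(f"line {line_no}: {ident} uses {alg}; replace with {fix}")
    print("sha256('abc') =", compliant_digest("sha256", b"abc"))
    try:
        compliant_digest("md5", b"abc")
    except ValueError as err:
        print("refused:", err)
```

Running it flags lines 3, 4, 5 and 7 of the sample and leaves the `MD5_DIGEST_LENGTH` constant, the `md5.h` include and the `hashlib.sha256` call alone; a real deployment would extend the pattern table to whatever crypto libraries the code base actually links against.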