Microsoft dumps Vulnerable Encryption Algorithms

By | September 16, 2005

Microsoft is planning to ban certain cryptographic algorithms from its new code, citing sophisticated attacks that make them less secure. The algorithms are used to create digital signatures and verify the integrity of the information passed within the products.

The software company issued a new policy for all developers that blocks functions using MD4 (Message Digest Algorithm), MD5 and the DES (Data Encryption Standard) encryption algorithms. In order to enforce the new policy, all code will be scanned by automated code scanning tools that will flag insecure functions and ask the developers to change the code.

Microsoft will implement the Secure Hash Algorithms 256 (SHA256) and the Advanced Encryption Standard encryption algorithms instead.

Although the replacement is planned for the new code only, Microsoft said that eventually it will replace vulnerable code in older versions too.

The usage of vulnerable cryptographic algorithms could expose sensitive information; however it is unlikely to see attacks on these algorithms yet.

Leave a Reply