GoogleIt Mail IT Print IT PermaLinkMicrosoft Is Deprecating MD4, MD5, And SHA1
05:14:47 PM
Written By : Richard SchwartzCategory : Crypto
Location : Nashua, NH

It's been more than a year since the news came out that MD5 is broken. Earlier this year, the expected follow-up story that SHA1 broken came out. In recent months, I noted that the clock is surely ticking for an update of the cryptographic hashes used by Notes and Domino for SSL and digital signature. Now Microsoft has taken steps to deprecate the use of MD5 and SHA1 in favor of SHA256 within their own products. MD2 isn't mentioned in the article, but it's unlikely that they use it much.

Microsoft will likely have a much easier time doing this than IBM will, because they aren't saddled with the problem of having a massive installed base of PKI users whose certificates are signed with MD2. Nor do they have massive numbers of MD2 signed messages sitting in user mailboxes or MD2 signed design elements in databases. IBM will clearly have to do something, and they'll clearly have to be backward compatible so that certificates and notes can carry both SHA256 signatures that are understood by a new version of software and MD2 signatures that are still accepted by older versions. I'd like to see a specific plan for dealing with this from IBM. It will certainly be my number one question at the Ask The Developer's session at Lotusphere if nothing is announced before then.

This page has been accessed 247 times. .
Comments :v

1. zhuojian07/05/2016 10:07:14 AM


2. clibin00909/01/2016 09:44:06 PM

Enter Comments^

Email addresses provided are not made available on this site.

You can use UUB Code in your posts.

[b]bold[/b]  [i]italic[/i]  [u]underline[/u]  [s]strikethrough[/s]

URL's will be automatically converted to Links

:-x :cry: :laugh: :-( :cool: :huh: :-) :angry: :-D ;-) :-p :grin: :rolleyes: :-\ :emb: :lips: :-o
bold italic underline Strikethrough

Remember me    

Monthly Archive
Responses Elsewhere

About The Schwartz


All opinions expressed here are my own, and do not represent positions of my employer.