Microsoft Warns Customers Away From RC4 and SHA-1 92
Trailrunner7 writes "The RC4 and SHA-1 algorithms have taken a lot of hits in recent years, with new attacks popping up on a regular basis. Many security experts and cryptographers have been recommending that vendors begin phasing the two out, and Microsoft on Tuesday said it is now recommending to developers that they deprecate RC4 and stop using the SHA-1 hash algorithm. RC4 is among the older stream cipher suites in use today, and there have been a number of practical attacks against it, including plaintext-recovery attacks. The improvements in computing power have made many of these attacks more feasible for attackers, and so Microsoft is telling developers to drop RC4 from their applications. The company also said that as of January 2016 it will no longer will validate any code signing or root certificate that uses SHA-1."
crypto is for losers (Score:0, Funny)
I remember this one dude was trying to get me to encrypt all my hard drives. But dude, I said, I want to be able to read my hard drives.
Re:The time has come the walrus said... (Score:4, Funny)
No more RC4? No more SHA1? Next they'll be telling me to patch against WMF exploits.
Thank God we can still depend on ActiveX!