Businesses should press software vendors to meet new Microsoft encryption requirements

By | August 14, 2012

Source: Computerworld

by Tim Greene

In this article “Businesses should start leaning on vendors now to upgradeapplications that use less than 1,024-bit encryption before it’s too late.

What is currently a voluntary upgrade request from Microsoft is likely to become mandatory within a few months, meaning that apps using weaker encryption keys won’t work with a range of Microsoft platforms, says Paul Henry, a security and forensic analyst with Lumension.

Some vendors may not even make 1,024-bit versions of their applications in an effort to avoid having to get federal export permits for them, he says. Many U.S. software vendors shipped products with 256-bit encryption instead, even to domestic customers, so they didn’t have to deal with permitting at all.”

Leave a Reply