Microsoft is banning certain cryptographic functions from new computer
code, citing increasingly sophisticated attacks that make them less
secure, according to a company executive.
The Redmond, Wash., software company instituted a new policy for all
developers that bans functions using the DES, MD4, MD5 and, in some
cases, the SHA1 encryption algorithm, which is becoming "creaky at the
edges," said Michael Howard, senior security program manager at the
company, Howard said.
Original News:
Microsoft Scraps Old Encryption in New Code
Exploiting MD5 collisions (in C#)
Now I feel I have to change all my MD5 usages to SHA... some security is better than none