Wired: Critics Blast MS SecurityMay 17, 2000, 00:00 (0 Talkback[s])
(Other stories by Declan McCullagh)
"If you're a Windows 2000 user, be warned: Your security software may not work the way you think it does."
"Microsoft intentionally designed Windows 2000 so that export versions can use a notoriously weak encryption method to scramble information sent over the Internet and intranets, leaving sensitive data exposed to hackers and eavesdroppers...."
"A Microsoft manager on Monday defended why Windows 2000 computers in some circumstances switch from the highly secure triple-DES algorithm to the notoriously weak single-DES variant. Triple-DES is up to 70,000 trillion times stronger."
"Ron Cully, lead program manager for Windows networking, said that companies might have thousands of machines and some might not have triple-DES installed. Because of U.S. export and other import restrictions, Microsoft ships triple-DES in a separate "high encryption pack."