Re: DES
> On the other hand, even the latest versions of windows still use NTLM which is based on MD4. They also use an AES based algorithm as well, but it's not possible to migrate entirely to a new algorithm like unix can because the hashing algorithms are an inherent part of network authentication protocols among other things - so the newer algorithm can largely just be ignored.
This hasn't been entirely true for some time now. Plain old Windows, configured for basic local auth, will still use NTLM/MD4, but that's one of many auth options, even for home users.
Network authentication has been standardised on Kerberos/AES for years, though unfortunately MD5-based Kerberos is still a necessary evil for places that still insist on running 15 year old domain controllers.
Biting the hand that feeds IT
