NT fails US government crypto tests

Shortcomings in the CryptoAPIs, so brace yourself for Service Pack 5...

Major cryptographic shortcomings in NT 4.0 have forced Microsoft to engage in major surgery on the product, according to Web news service Network World . In a story earlier this week Network World revealed that NT 4.0 had failed US government cryptography tests. In order to be sold to the US and Canadian governments products have to pass the Federal Information Processing Standard (FIPS) 140-1 certification test. NT failed, and the testing revealed problems in NT’s cryptographic processing. Microsoft is preparing a fix pack for release this quarter, but application of this will probably result in users being able to run IE 4.0, Outlook 98 and various other applications in FIPS mode. IE 5.0 will know how to deal with FIPS, but it seems to be a moving target for Microsoft. Humorously, Netscape Communicator has passed FIPS 140-1. According to Network World the problems are related to NT 4.0’s CryptoAPIs and were uncovered at government-certified testing lab CygnaCom. Service Pack 4, which was released relatively recently, was intended to be the last fixpack for NT 4.0, but if you’re in the US government, it looks like you’re going to have to deal with Service Pack 5 after all... ®

Sponsored: 10 ways wire data helps conquer IT complexity