120 votesAlan Ortiz commented
It would be a disservice to your enterprise to support broken encryption algorithms like 3DES and SHA1 - as those are no longer deemed secure. The minimum should be AES and SHA256. DUKPT also benefits from the larger pool of available encryption keys it can derive from the aforementioned encryption algorithms. I would encourage Microsoft to support higher encryption algorithms.
7 votesAlan Ortiz shared this idea ·