The Slow Adoption of Cryptography in .NET

And, so, .NET 9.0 preview is here, and it’s all a bit of a disappointment. While other companies, such as Google and Cloudflare have really push forward in adopting the latest (and best) cryptography methods, Microsoft have been slow to adopt.

I may be wrong, but Microsoft often takes a long time to adopt the most up-to-date cryptography. While OpenSSL is also fairly slow, Microsoft seems to take an even longer time to advance its libraries for cryptography. This happened for ECC, and where it took years for them to do the most basic basic elliptic curves, and to integrate the ECDSA digital signature method. And, so, with .NET 8, we saw them adding SHA3 [here]:

In 2014, NIST defined that SHA-3 would be based on the Keccak method, and then in 2015, it published the standard. Many applications now use SHA-3, but it has been missing from Microsoft’s .NET framework. Now, Microsoft say it has been added to .NET 8, and so we can try:

namespace SHA3
{
    class Program
    {
        static void…