New Vista Random Numbers to Include NSA Backdoor?
Posted by
ScuttleMonkey
on Monday December 17, @04:15PM
from the advice-is-to-never-enable-it.-Ever. dept.
Schneier is reporting that Microsoft has added the new Dual_EC_DRBG random-number generator to Vista SP1. This random-number generator is the same one discussed earlier that may have a secret NSA backdoor built into it.
269 comments
Really... (Score:5, Funny)
Re:Really... (Score:4, Insightful)
Re:Really... (Score:5, Informative)
You can do what TFA said:
"It's possible to implement Dual_EC_DRBG in such a way as to protect it against this backdoor, by generating new constants with another secure random-number generator and then publishing the seed. This method is even in the NIST document, in Appendix A."
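The method quoted above, worked through as an added example (this is not code from the original thread, from Microsoft, from NIST or from Schneier). It runs the Dual_EC_DRBG core on the real NIST P-256 curve: the designer keeps a secret e and publishes Q = e^-1 * P, which is enough to recover the internal state from a single output block and predict everything after it, with or without a good seed. The alternative, deriving Q by hashing a published seed to a curve point, is modeled on Appendix A.2 of SP 800-90; the exact hash-to-point encoding here is this example's own choice, and the example discards 8 bits per block instead of the real 16 so the candidate search stays short.

```python
"""Toy Dual_EC_DRBG on the real NIST P-256 curve: why a point Q with a known
discrete log is a trapdoor, and how deriving Q from a published seed removes it.

Added example for this thread, not code from Microsoft, NIST or Schneier.
Simplifications (assumptions of this example): one block per call, 8 rather
than 16 discarded bits per block, no reseeding, no additional input.
"""
import hashlib
import secrets

# NIST P-256 domain parameters (FIPS 186).  P-256 is the curve Dual_EC_DRBG
# uses at the 128-bit level; its prime is 3 mod 4, so a square root is one
# modular exponentiation.
P_MOD = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P_MOD - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
INF = None  # point at infinity

TRUNC_BITS = 8                         # the real generator drops 16
MASK = (1 << (256 - TRUNC_BITS)) - 1


def on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0


def add(p1, p2):
    """Affine point addition; also handles doubling and P + (-P)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def mul(k, pt):
    """Double-and-add scalar multiplication."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def lift_x(x):
    """A point with x-coordinate x, or None if no such point exists."""
    rhs = (x * x * x + A * x + B) % P_MOD
    y = pow(rhs, (P_MOD + 1) // 4, P_MOD)
    return (x, y) if y * y % P_MOD == rhs else None


class DualEC:
    """Dual_EC_DRBG core: s_i = x(s_{i-1}*P), r_i = x(s_i*Q), output r_i truncated.
    P is the curve's base point G; Q is the second, supposedly independent point."""

    def __init__(self, seed, Q):
        self.s = seed
        self.Q = Q

    def next_block(self):
        self.s = mul(self.s, G)[0]
        r = mul(self.s, self.Q)[0]
        return r & MASK


def make_trapdoor_Q():
    """The designer keeps e and publishes Q = e^-1 * P, so that e*Q = P."""
    e = secrets.randbelow(N - 1) + 1
    return mul(pow(e, -1, N), G), e


def predict_from_output(out, next_out, e, Q):
    """Recover the state from one truncated block using the trapdoor e.
    next_out is only used to pick the right one of the 2^TRUNC_BITS candidates."""
    for hi in range(1 << TRUNC_BITS):
        R = lift_x((hi << (256 - TRUNC_BITS)) | out)
        if R is None:
            continue
        # R = +-s_i*Q, hence e*R = +-s_i*P, whose x-coordinate is s_{i+1}.
        s_next = mul(e, R)[0]
        if mul(s_next, Q)[0] & MASK == next_out:
            return DualEC(s_next, Q)   # clone positioned right after block i+1
    return None


def derive_Q_from_seed(seed):
    """Hash a public seed to a curve point, in the spirit of SP 800-90
    Appendix A.2 (the encoding is this example's own).  Anyone can recompute
    Q from the seed, and nobody learns log_P(Q)."""
    counter = 0
    while True:
        h = hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        pt = lift_x(int.from_bytes(h, "big") % P_MOD)
        if pt is not None:
            return pt
        counter += 1


def demo_trapdoor():
    """True if two output blocks plus e let an attacker predict every later block."""
    Q_bad, e = make_trapdoor_Q()
    victim = DualEC(secrets.randbits(256), Q_bad)
    r1, r2 = victim.next_block(), victim.next_block()
    clone = predict_from_output(r1, r2, e, Q_bad)
    return [clone.next_block() for _ in range(3)] == [victim.next_block() for _ in range(3)]


if __name__ == "__main__":
    print("trapdoor prediction works:", demo_trapdoor())
    print("seed-derived Q:", hex(derive_Q_from_seed(b"published seed")[0]))
```

Two things worth noticing when running it. First, the attack never touches the seed: it needs one output block (a second one only to resolve the discarded high bits), so "seeding it properly" buys nothing once Q is trapdoored; with the real 16 discarded bits the search is 2^16 candidates instead of 2^8, still trivial. Second, the seed-derived Q only helps if an implementation actually regenerates Q and publishes the seed; the Q constants printed in SP 800-90, whose provenance is the whole concern of the article, are exactly the ones nobody can do this for.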
Secret Back door code is pretty easy!! (Score:5, Funny)
up, up, down, down, left, right, left, right, B, A
Re:"may have" (Score:4, Informative)
Section Tag (Score:2)
Re:Section Tag (Score:5, Funny)
Conspiracy theorists come forth! Now is the time.. (Score:1)
Re:Conspiracy theorists come forth! Now is the time.. (Score:5, Insightful)
This has absolutely nothing to do with open or closed source. A completely open source random number generator would have precisely the same vulnerability, because the problem isn't potential skulduggery by the vendor, it's potential skulduggery by the people who designed the standard.
What Microsoft has done is to implement a questionable standard. It makes no sense in this case to blame them for its shortcomings, especially since developers have alternative standards they can use.
Now when it comes to application software using a random number generator, then there actually is a closed/open source argument to be made. Do you know which random number generator is used by the software you use? With closed source, almost certainly not. With open source, programmers can undo the choice of the dodgy elliptic curve RNG and replace it with a more solid, equally standards-compliant alternative. And get a speed boost too. You also know that you might not want to trust the source for your software if they use the inferior algorithm.
From the article (Score:3, Insightful)
Re:From the article (Score:5, Interesting)
=Smidge=
Given the known problems of Dual_EC_DRBG (Score:5, Interesting)
Now adding the algorithm itself isn't really a backdoor per se, because no one is forcing you to use that particular random number generator. But it is also interesting to note that this isn't the first time Microsoft has been accused of inserting backdoors for the CIA or the NSA. Of course, Microsoft vehemently denies such allegations, but I would assume that they would. Given what the telcos did for the NSA, would anyone be surprised if it really did come out that the NSA actually forced Microsoft to put backdoors in Office or Windows?
Re:Given the known problems of Dual_EC_DRBG (Score:5, Informative)
Insane - I know, they must be "out to get us".
Re:Given the known problems of Dual_EC_DRBG (Score:5, Insightful)
As another poster said, where in the OS is this used? Do you know? Does anyone but Microsoft?
Re:Given the known problems of Dual_EC_DRBG (Score:5, Insightful)
Re:Given the known problems of Dual_EC_DRBG (Score:4, Insightful)
Look at the FIPS and CC documentation. Governments do use these systems in security critical environments, but they configure them very carefully. There is configuration data available on how to configure a system for security critical environments. Selecting your random number generator is one of the things you can do.
The staff working on this are noted cryptographers who do know what they are doing. I have been working with the cryptographers at Microsoft for some time and I have been working in crypto related areas for > 20 years.
Re:Given the known problems of Dual_EC_DRBG (Score:5, Insightful)
I can believe that you don't know, but would they really tell you if there were such backdoors?
> Governments both in the US and elsewhere do this, which suggests that no backdoor is available.
If you had a backdoor which allows you to access remote computers anywhere would you
a) Tell everyone that you can do it
b) Use some dummy keyloggers and malware to suggest that you can't do it
Well... (Score:2, Redundant)
n-th sensationalist headline of the day (Score:1)
Concerned About Security... (Score:4, Funny)
it's true (Score:5, Funny)
missionaccomplished -> LOL
waterboard -> buckshottotheface
osamabinladen -> loofahnotfalafel
iraq -> vietnam
No surprise here (Score:2, Interesting)
http://en.wikipedia.org/wiki/NSAKEY [wikipedia.org]
Is this "feature" back-ported to XP SP3, too? (Score:3, Interesting)
SP3 is supposed to have some of Vista's most useful features as well as all previous bug fixes.
It would be a shame to ruin a good service pack that speeds up XP by 10%.
Correct me if I'm wrong but... (Score:1)
Why... (Score:4, Funny)
More important question (Score:1)
OK, this is just stupid. (Score:5, Insightful)
1. Government introduces a new cryptography standard (which it will presumably require for some applications) that requires that systems provide a choice of 4 random number generators, one of which MAY have a flaw.
2. Manufacturers implement the new standard.
3. Grand conspiracy!!!
Come on, could it just possibly be that Microsoft wants to be able to claim to be NIST 800-90 compliant for customers who want that kind of thing and that the NSA likes the idea of there being a variety of random number generators available? The only way that making this function available is a risk is the NSA also has control of the application and can force it to call this random number generator without properly seeding it. If they have that level of control, they have enough control to do whatever else they want in a much more direct way.
Trust Us, We're From the Government (Score:3, Funny)
There is no truth to the existence of a back door (Score:1)
And, I never was in the shack at Yakima, and we never listened to your long-distance phone calls and made fun of you going kissy-kissy with your wife overseas.
Really.
Pay no attention to the curtain, nothing is behind it. Really. And get that dog away from it!
tee hee (Score:1)
Could be a problem! (Score:1, Funny)
there must be a ulterior motive (Score:2)
Does anyone who uses Vista... (Score:5, Interesting)
Have any expectation of privacy or security in the first place?
IIRC, some of the key SCOTUS decisions regarding the Fourth Amendment have centered around a person's expectation of privacy. They've argued:
That said, the government could persuasively argue that someone who runs Windows, especially Vista, has no expectation of privacy in the first place:
Now the sad thing is that this does come across as a troll, but sadly, it's true. And it needs to be addressed. For some reason, the /. crowd thinks it is acceptable that a majority of the population uses an OS which is horribly less secure than the ones we ourselves use (Linux, Macs, etc...). We're supposed to be the technical ones who have the solution to these problems, and yet, most /.ers just choose to blame the victim and whine about Microsoft being evil. Granted, we already know that.
Is it really acceptable that our collective rights are surrendered because a major corporation finds more profit in insufficient design and testing of its software? I realize that most of you loathe Windows, but unless we actually do something to fix the social barriers to the adoption of Linux, we can expect that, because Windows is so insecure, our government will be able to convince SCOTUS that a computer user has no "reasonable expectation of privacy".
It doesn't matter so much that this PRNG is insecure. A knowledgeable cryptographer isn't going to trust the OS for random numbers, anyway - unless it is in compliance with some standard to which their code must comply. What matters is that Vista is full of holes, and we're talking about a PRNG which no software of cryptographical consequence is going to use anyway.
Instead, we ought to worry that Windows itself is easily compromised by the government. That is the real problem. Why would you break the PRNG when you can rootkit even a fully patched Vista box with an email?
This is not Trivial... (Score:3, Informative)
> Cryptanalytic Attacks on Pseudorandom Number Generators
> J. Kelsey, B. Schneier, D. Wagner, and C. Hall
> Fast Software Encryption, Fifth International Workshop Proceedings (March 1998), Springer-Verlag, 1998, pp. 168-188.
> ABSTRACT: In this paper we discuss PRNGs: the mechanisms used by real-world secure systems to generate cryptographic keys, initialization vectors, "random" nonces, and other values assumed to be random. We argue that PRNGs are their own unique type of cryptographic primitive, and should be analyzed as such. We propose a model for PRNGs, discuss possible attacks against this model, and demonstrate the applicability of this model (and our attacks) to four real-world PRNGs. We close with a discussion of lessons learned about PRNG design and use, and a few open questions.
http://www.schneier.com/paper-prngs.html [schneier.com]
If you have been keeping up with computer security, you should be aware of the weakness of random number generators and its vast effects over large sections of the computer world. This is not trivial...
Worth Noting (Score:2, Interesting)
So... (Score:2)
But seriously, this is a continuation of Microsoft's vendor-first, consumer-second approach.
Random fun in the old days of computing (Score:2)
For example, using this technique on a pair of Apple IIs (same series/configuration), you could load up a stock trading game on both machines and play one machine normally to see which companies were going to increase/decrease in value, then pour all the funds into the companies on the first computer that increased into those same companies on the second computer.
Near as I can tell, the random number generator (at least on the Apple II) would only change state when a new value was requested from it... otherwise it simply sat idly by waiting for the next request.
If true... (Score:2)
If the government is FORCING MS to do this, then we should be calling our representatives and not sitting around speculating or smacking on Microsoft.
The whole big brother NSA thing is very much a Republican/Bush/Neo-con era mechanism, and Gates and lots of others at Microsoft vote Democrat, even when it was NOT in their best interest as during the DOJ trials of the 90s.
(Look up contributions, MS by far gives to Democratic candidates, and ironically companies that we think are on the side of the little people are ones shoving money toward pro-corporate/authoritarian candidates.)
Let me guess... (Score:2, Informative)
4, 8, 15, 16, 23, & 42
Hmmm...
why not upgrade to vista (Score:1)
Bring out behind the shed and shoot it, let the penguin get caught holding the gun!
Obligatory quote (Score:1)
John Von Neumann, 1951
Clever! (Score:5, Insightful)
Re:Much Ado About Nothing (Score:5, Insightful)
As an American, that doesn't make me feel a whole lot better -- in some ways, I'd really like to have the secret agencies of so many spy movies rather than the massive bureaucratic pile that I know exists in reality -- but disappointment in government is something I've gotten used to. You don't last long in Washington without it.
Re:Fuck You AmeriKKKa! (Score:2, Insightful)
I'm 24 years old. I don't want to go through the next 50 years of my life living in an international air of worry and uncertainty. I don't want to live in a permanent state of fear, generated by a megalomaniacal American government taking advantage of the majority low IQ populace's capacity for being brainwashed.
Can I suggest you up your meds? Your current dosage isn't doing its job.
Re:Conspiracy theorists.... (Score:1)
Re:Fuck You AmeriKKKa! (Score:2)
We're doomed.
Re:funny (Score:2)
come to think about it my comment isn't any better than the rest of the people's here.. feel free to read my sig and troll away..
Re:Fuck You AmeriKKKa! (Score:2, Informative)
Hmmm.....America invented the:
Internet.....check
Computer.....check...holy crap...modern computing actually has its roots in TEXAS of all places (see the integrated circuit)...so DOUBLE check
Motor Car....check again...lol - who would have thought, surely SOMETHING on this list was not invented by America
Light Bulb....check again, wow
Telephone.....and....wait for it.......check
Re:Fuck You AmeriKKKa! (Score:4, Informative)
The first computer was a German invention (Konrad Zuse's Z3 in 1941).
The first automobile was a French invention (1881).
The light bulb had already been invented by several people, mostly European, before Edison perfected it.
Re:Fuck You AmeriKKKa! (Score:5, Informative)
Bzzzt, wrong! Even though he is dead, this guy: http://en.wikipedia.org/wiki/Konrad_Zuse [wikipedia.org] would argue with that.
Wait, another dead guy wants a chat - http://en.wikipedia.org/wiki/Karl_Benz [wikipedia.org] - says he invented the automobile. Um, better check yours again, I think it's a bit dim if not burnt out. If you refer to Edison, he was not even close to the first to demonstrate what is now known as the incandescent light bulb. http://en.wikipedia.org/wiki/Lightbulb [wikipedia.org]
Well, 2 out of 5 ain't bad, right? Well, the telephone is not a sure thing, so let's make it 1.5.
Re:Article summary follows (Score:5, Funny)
Re:Not against MSFT but the design (Score:1)
Read the details, Tom. The AES CTR_DRBG from SP 800-90 is the default PRNG and the ECDRBG is an optional PRNG that can be configured by the user or selected by the calling application.
So why does MS have both if you "know" they only added it for "blind compliance" with the spec?