New Vista Random Numbers to Include NSA Backdoor?

Posted by ScuttleMonkey on Mon Dec 17, 2007 05:15 PM
from the advice-is-to-never-enable-it.-Ever. dept.
Schneier is reporting that Microsoft has added the new Dual_EC-DRBG random-number generator to Vista SP1. This random-number generator is the same one discussed earlier that may have a secret NSA backdoor built into it.
  • Really... (Score:5, Funny)

    by 2names (531755) on Monday December 17 2007, @05:18PM (#21730986)
    I guess it's not so secret then, is it?
    • by spineboy (22918) on Monday December 17 2007, @05:46PM (#21731448)
      Maybe the NSA could have thought a little harder about entering a back door code. Secret sources have revealed the NSA back door code to be:

      up, up, down, down, left, right, left, right, B, A
      • Re:Really... (Score:4, Insightful)

        by Applekid (993327) on Monday December 17 2007, @05:58PM (#21731676)
        What you're essentially proposing is encrypting the same data twice, first with the questionable algorithm, then with another algorithm of your choice. If that's the case, you might as well just encrypt it with the second algorithm, hopefully more complicated than just shifting and adding. ;)
      • Re:Really... (Score:5, Informative)

        by yo_tuco (795102) on Monday December 17 2007, @06:01PM (#21731712)
        "Wait... couldn't you just add something to the random number? Or perhaps shift the digits over?"

        You can do what TFA said:

        "It's possible to implement Dual_EC_DRBG in such a way as to protect it against this backdoor, by generating new constants with another secure random-number generator and then publishing the seed. This method is even in the NIST document, in Appendix A."
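The Appendix A approach quoted above, as an added example (not code from the article, NIST or Microsoft): derive Q on NIST P-256 from a published seed so that anyone can recompute it and confirm that nobody picked it together with a secret multiplier. The hash-to-x-coordinate loop is a hypothetical stand-in for the NIST derivation, the seed is constructed, and P, A, B, N are the standard P-256 parameters.

```python
import hashlib
# NIST P-256 domain parameters (public constants; group order N is prime).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551

def is_on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0

def point_add(p1, p2):
    # Affine group law on P-256; None stands for the point at infinity.
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mul(k, pt):  # double-and-add, only used for the order check
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc

def derive_point(seed: bytes):
    # Hypothetical stand-in for the NIST Appendix A derivation: x is
    # SHA-256(seed || counter) mod P, retried until x lies on the curve.
    counter = 0
    while True:
        digest = hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        x = int.from_bytes(digest, "big") % P
        rhs = (x * x * x + A * x + B) % P
        y = pow(rhs, (P + 1) // 4, P)  # valid square root because P % 4 == 3
        if y * y % P == rhs:
            return (x, y), counter
        counter += 1

def verify_point(seed: bytes, claimed_q):
    # Anyone holding the published seed can recompute Q and reject a swap.
    q, _ = derive_point(seed)
    return q == claimed_q and is_on_curve(q) and scalar_mul(N, q) is None
```

Publishing the seed next to Q is what makes the constant auditable; a Q handed down without a seed cannot be checked this way.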

      • Re:"may have" (Score:4, Informative)

        by civilizedINTENSITY (45686) on Monday December 17 2007, @06:50PM (#21732322)
        Well, it *does* have a backdoor; the only question is whether anyone has the constants. FTFA:

        What Shumow and Ferguson showed is that these numbers have a relationship with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can predict the output of the random-number generator after collecting just 32 bytes of its output.

        Also FTFA:

        The researchers don't know what the secret numbers are. But because of the way the algorithm works, the person who produced the constants might know; he had the mathematical opportunity to produce the constants and the secret numbers in tandem.

  • From the article (Score:3, Insightful)

    by tieTYT (989034) on Monday December 17 2007, @05:20PM (#21731034)
    "It's not enabled by default, and my advice is to never enable it. Ever."
  • Given the known problems of Dual_EC_DRBG, which, from the Bruce Schneier article, include the fact that it's slow, that it's got an obvious backdoor, and that it was inexplicably pushed by the NSA for seemingly no reason, why would Microsoft add it to Vista SP1?

    Now adding the algorithm itself isn't really a backdoor per se, because no one is forcing you to use that particular random number generator. But it is also interesting to note that this isn't the first time Microsoft has been accused of inserting backdoors for the CIA or the NSA. Of course, Microsoft vehemently denies such allegations, but I would assume that they would. Given what the telcos did for the NSA, would anyone be surprised if it really did come out that the NSA actually forced Microsoft to put backdoors in Office or Windows?

    • by RightSaidFred99 (874576) on Monday December 17 2007, @05:30PM (#21731202)
      I know this is crazy talk, but maybe there's a simple explanation. Microsoft put it in the OS as an option so that people who want to use it (hmm...government contracts?) can if they so choose. So maybe Microsoft sees the NSA as a "customer" and decided they were important enough to include it for their use and for other government use.

      Insane - I know, they must be "out to get us".

      • > This random number generator is not used by default.
        Prove it. Oh, that's right, you can't because you don't have the source code. Unless maybe you're astroturfing. Even then you'd be under an NDA anyhow.

        > Other governments are not going to be willing to buy a system with a NSA backdoor.
        And other governments have replaced Windows with custom Linux distros due to the potential of this very problem. This is a fact that cannot be denied.

        • by secPM_MS (1081961) on Monday December 17 2007, @06:04PM (#21731766)
          I don't have to prove it. Not only that, but you wouldn't believe me even if the code were released - after all, how do you know that the code corresponds to the actual binary?

          Look at the FIPS and CC documentation. Governments do use these systems in security critical environments, but they configure them very carefully. There is configuration data available on how to configure systems for security critical environments. Selecting your random number generator is one of the things you can do.

          The staff working on this are noted cryptographers who do know what they are doing. I have been working with the cryptographers at Microsoft for some time and I have been working in crypto related areas for > 20 years.

      • by dvice_null (981029) on Monday December 17 2007, @06:18PM (#21731944)
        > As for backdoors, anybody who is paranoid about this issue will ignore or disbelieve me when I say that there is no backdoor that I am aware of.

        I can believe that you don't know, but would they really tell you if there were such backdoors?

        > Governments both in the US and elsewhere do this, which suggests that no backdoor is available.

        If you had a backdoor which allows you to access remote computers anywhere would you
        a) Tell everyone that you can do it
        b) Use some dummy keyloggers and malware to suggest that you can't do it
  • by Nom du Keyboard (633989) on Monday December 17 2007, @05:23PM (#21731074)
    You're concerned about security, and you're using WINDOWS VISTA???
  • it's true (Score:5, Funny)

    I seeded the Dual_EC-DRBG with the following ASCII strings and got the following output in ASCII:

    missionaccomplished -> LOL

    waterboard -> buckshottotheface

    osamabinladen -> loofahnotfalafel

    iraq -> vietnam
  • Why... (Score:4, Funny)

    by Basilius (184226) on Monday December 17 2007, @05:38PM (#21731342)
    ...does every article about Vista make me less likely to ever use it? Aren't things like this supposed to _improve_ with time?
  • by rrkap (634128) on Monday December 17 2007, @05:41PM (#21731384)
    So, let's review:

    1. Government introduces a new cryptography standard (which it will presumably require for some applications) that requires that systems provide a choice of 4 random number generators, one of which MAY have a flaw.
    2. Manufacturers implement the new standard.
    3. Grand conspiracy!!!

    Come on, could it just possibly be that Microsoft wants to be able to claim to be NIST 800-90 compliant for customers who want that kind of thing and that the NSA likes the idea of there being a variety of random number generators available? The only way that making this function available is a risk is if the NSA also has control of the application and can force it to call this random number generator without properly seeding it. If they have that level of control, they have enough control to do whatever else they want in a much more direct way.
  • by gillbates (106458) on Monday December 17 2007, @06:07PM (#21731790)

    Have any expectation of privacy or security in the first place?

    IIRC, some of the key SCOTUS decisions regarding the Fourth Amendment have centered around a person's expectation of privacy. They've argued:

    • That someone doesn't have a reasonable expectation of privacy regarding their garbage.
    • That email doesn't have a reasonable expectation of privacy...
    • That a person's car is subject to Fourth Amendment protection.

    That said, the government could persuasively argue that someone who runs Windows, especially Vista, has no expectation of privacy in the first place:

    • More malware and trojans run on Windows than Mac and Linux combined. In fact, there are more viruses available for Windows than there are editors - even applications - for Linux.
    • Microsoft has continued a trend of introducing software with gaping holes for the past 10 years. No OS vendor in the last decade has produced a less secure OS than Microsoft. Surely the user must be aware of this, and have accepted the risk.
    • Users accept the Windows EULA, which, among other things, allows Microsoft to remotely check Windows for proper activation - so they already have given up their privacy to a corporation.

    Now the sad thing is that this does come across as a troll, but sadly, it's true. And it needs to be addressed. For some reason, the /. crowd thinks it is acceptable that a majority of the population uses an OS which is horribly less secure than the ones we ourselves use (Linux, Macs, etc...). We're supposed to be the technical ones who have the solution to these problems, and yet, most /.ers just choose to blame the victim and whine about Microsoft being evil. Granted, we already know that.

    Is it really acceptable that our collective rights are surrendered because a major corporation finds more profit in insufficient design and testing of its software? I realize that most of you loathe Windows, but unless we actually do something to fix the social barriers to the adoption of Linux, we can expect that, because Windows is so insecure, our government will be able to convince SCOTUS that a computer user has no "reasonable expectation of privacy".

    It doesn't matter so much that this PRNG is insecure. A knowledgeable cryptographer isn't going to trust the OS for random numbers, anyway - unless it is in compliance with some standard to which their code must comply. What matters is that Vista is full of holes, and we're talking about a PRNG which no software of cryptographical consequence is going to use anyway.

    Instead, we ought to worry that Windows itself is easily compromised by the government. That is the real problem. Why would you break the PRNG when you can rootkit even a fully patched Vista box with an email?

    • Clever! (Score:5, Insightful)

      by spun (1352) on Monday December 17 2007, @05:30PM (#21731206)
      I see what you did there. You implied that anyone who criticizes the US or Vista is a paranoid loony. Now why would you do that? Do you just assume that people will criticize the US? Is the US that worthy of criticism that you have to defend it preemptively? I know that's a popular tactic these days, but is it entirely necessary? Nice how you posted AC, too. You sir are an all-around class act.
    • Agreed. The only interesting thing about this whole story is that the NSA apparently reviewed the PRNG function and rubber-stamped it, missing the critical vulnerability. Since the vulnerability really isn't that good of a backdoor, and doesn't seem to have been all that subtle, I think this is far more likely to be incompetence rather than malice on their part.

      As an American, that doesn't make me feel a whole lot better -- in some ways, I'd really like to have the secret agencies of so many spy movies rather than the massive bureaucratic pile that I know exists in reality -- but disappointment in government is something I've gotten used to. You don't last long in Washington without it.
    • by hey! (33014) on Monday December 17 2007, @05:45PM (#21731442)
      I disagree.

      This has absolutely nothing to do with open or closed source. A completely open source random number generator would have precisely the same vulnerability, because the problem isn't potential skulduggery by the vendor, it's potential skulduggery by the people who designed the standard.

      What Microsoft has done is to implement a questionable standard. It makes no sense in this case to blame them for its shortcomings, especially since developers have alternative standards they can use.

      Now when it comes to application software using a random number generator, then there actually is a closed/open source argument to be made. Do you know which random number generator is used by the software you use? With closed source, almost certainly not. With open source, programmers can undo the choice of the dodgy elliptic curve RNG and replace it with a more solid, equally standards-compliant alternative. And get a speed boost too. You also know that you might not want to trust the source for your software if they use the inferior algorithm.
    • by naapo (982524) on Monday December 17 2007, @05:56PM (#21731652)
      Don't know about our rights online, but I gladly noticed that this was tagged quite appropriately:

      ahhjeezenotthisshitagain
      It was not exactly a dupe, but clearly an "ahhjeezenotthisshitagain".
      • by Jerry Rivers (881171) on Monday December 17 2007, @06:52PM (#21732344)
        Telephone was the culmination of the work of several people, and so the nationality of the inventor is in dispute. Bell did most of his work on the telephone in Canada.

        The first computer was a German invention (Konrad Zuse's Z3 in 1941).

        The first automobile was a French invention (1881).

        The light bulb had already been invented by several people, mostly European, before Edison perfected it.
      • by sherpajohn (113531) on Monday December 17 2007, @06:56PM (#21732402)

        > Computer.....check...holy crap...modern computing actually has its roots in TEXAS of all places (see the integrated circuit)...so DOUBLE check

        Bzzzt, wrong! Even though he is dead, this guy: http://en.wikipedia.org/wiki/Konrad_Zuse [wikipedia.org] would argue with that.

        > Motor Car....check again...lol - who would have thought, surely SOMETHING on this list was not invented by America

        Wait another dead guy wants a chat - http://en.wikipedia.org/wiki/Karl_Benz [wikipedia.org] - says he invented the automobile.

        > Light Bulb....check again, wow

        Um, better check yours again, I think it's a bit dim if not burnt out. If you refer to Edison, he was not even close to the first to demonstrate what is now known as the incandescent light bulb. http://en.wikipedia.org/wiki/Lightbulb [wikipedia.org]

        Well, 2 out of 5 ain't bad, right? Well, the telephone is not a sure thing, so let's make it 1.5.