Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Operating Systems Software Windows

New Vista Random Numbers to Include NSA Backdoor? 269

Schneier is reporting that Microsoft has added the new Dual_EC-DRBG random-number generator to Vista SP1. This random-number generator is the same one discussed earlier that may have a secret NSA backdoor built into it.
This discussion has been archived. No new comments can be posted.

New Vista Random Numbers to Include NSA Backdoor?

Comments Filter:
  • Really... (Score:5, Funny)

    by 2names ( 531755 ) on Monday December 17, 2007 @04:18PM (#21730986)
    I guess it's not so secret then, is it?
    • by spineboy ( 22918 ) on Monday December 17, 2007 @04:46PM (#21731448) Journal
      Maybe the NSA could have thought a little harder at entering a back door code. Secret sources have revealed the NSA back door code to be.

      up, up, down, down, left, right, left, right, B, A
  • Wouldn't this go under "Your Rights Online"?
  • From the article (Score:3, Insightful)

    by tieTYT ( 989034 ) on Monday December 17, 2007 @04:20PM (#21731034)
    "It's not enabled by default, and my advice is to never enable it. Ever."
  • by morgan_greywolf ( 835522 ) on Monday December 17, 2007 @04:21PM (#21731046) Homepage Journal
    Given the known problems of Dual_EC_DRBG, which, from the Bruce Schneier article, include the fact that's slow, that it's got an obvious backdoor, and that it was inexplicably pushed for the NSA for seemingly no reason, why would Microsoft add it to Vista SP1?

    Now adding the algorithm itself isn't really a backdoor per se, because no one is forcing you to use that particular random number generator. But it is also interesting to note that this isn't the first time Microsoft has been accused of inserting backdoors for the CIA or the NSA. Of course, Microsoft vehemently denies such allegations, but I would assume that they would. Given what the telcos did for the NSA, would anyone be surprised if it really did come out that the NSA actually forced Microsoft to put backdoors in Office or Windows?

    • by RightSaidFred99 ( 874576 ) on Monday December 17, 2007 @04:30PM (#21731202)
      I know this is crazy talk, but maybe there's a simple explanation. Microsoft put it in the OS as an option so that people who want to use it (hmm...government contracts?) can if they so choose. So maybe Microsoft sees the NSA as a "customer" and decided they were important enough to include it for their use and for other government use.

      Insane - I know, they must be "out to get us".

      • by morgan_greywolf ( 835522 ) on Monday December 17, 2007 @04:47PM (#21731470) Homepage Journal
        Who even says that at an RNG has to be at the OS level? If NSA or its customers want to use Dual_EC_DRBG, there is nothing stopping them from doing so on Vista or any other OS.

        As another poster said, where in the OS is this used? Do you know? Does anyone but Microsoft?
        • by adolf ( 21054 )
          I could make the same argument about anything:

          Who even says that a GUI has to be at the OS level? If the NSA or its customers want to use graphics, there is nothing stopping them from doing so on Linux or any other OS.

          Or:

          Who even says that a filesystem has to be at the OS level? If the NSA or its customers want to use files, there is nothing stopping them from doing so on *BSD or any other OS.

          Or even:

          Who even says that a TCP/IP stack has to be at the OS level? If the NSA or its customers want to use Teh
          • Well everybody - except Microsoft of course - knows that the GUI don't have to be in the kernel.

            What should be in the kernel is the code for handling the hardware and give those resources to programs in a secure way. Nothing more nothing less.
    • Re: (Score:3, Informative)

      by CastrTroy ( 595695 )

      because no one is forcing you to use that particular random number generator

      That's hard to say. What does Vista use this RNG for internally. Does it use it for generating keys for use in SSL communications in Internet Explorer? Does it use this RNG to generate random keys for connecting to a VPN? Does it use this RNG to create a salt when storing your passwords? Does it use this RNG to generate the keys for BitLocker? There's many places where one may be using this RNG without even knowing it.

    • Maybe it's because mshaft are in bed with the NSA? After all, the various US intel agencies (and probably those of many governments) want to decrypt ANYthing they think is important enough to them, and they want QUICK not painstakingly-slow access to the plain text.

      By including the back doors, mshaft can further differentiate itself from Open Source, maybe to marginalize OpenSource (I wonder what Novell will say in this regard) and try to make companies and governments think OpenSource/Linux applications an
    • Re: (Score:3, Insightful)

      by secPM_MS ( 1081961 )
      Sorry to deflate the conspiracy theorists. Certain governmental customers wanted the ECC random number generator. MS provided it. This random number generator is not used by default. The default random number generator is CryptGenRandom, which was revised to deal with the issues that have been discussed with rather more sensationalism than was warranted.

      Customers who want to use the ECC generator can choose to use it. This is rather like turning on FIPS mode.

      As for backdoors, anybody who is paranoid abo

      • by morgan_greywolf ( 835522 ) on Monday December 17, 2007 @04:53PM (#21731582) Homepage Journal

        This random number generator is not used by default.
        Prove it. Oh, that's right, you can't because you don't have the source code. Unless maybe you're astroturfing. Even then you'd be under an NDA anyhow.

        Other governments are not going to be willing to buy a system with a NSA backdoor.
        And other governments have replaced Windows with custom Linux distros due to the potential of this very problem. This is a fact that cannot be denied.

        • by secPM_MS ( 1081961 ) on Monday December 17, 2007 @05:04PM (#21731766)
          I don't have to prove it. Not only that, but you wouldn't believe me if even if the code was released - after all, how do you know that the code corresponds to the actual binary?

          Look at the FIPS and CC documentation. Governments do use these systems in security critical environments, but they configure them very carefully. There is configuration data available on how to configure system for security critical environments. Selecting your random number generator is one of the things you can do.

          The staff working on this are noted cryptographers who do know what they are doing. I have been working with the cryptographers at Microsoft for some time and I have been working in crypto related areas for > 20 years.

          • Re: (Score:3, Insightful)

            by Burz ( 138833 )

            I have been working with the cryptographers at Microsoft for some time and I have been working in crypto related areas for > 20 years.

            A dubious distinction. Microsoft is almost criminally negligent when it comes to encryption and most other security issues. Between that and your obvious conflict of interest here, why should anyone believe you?

            I'll heed Schneier's concerns over your schilling any day. I'd set his words to music before accepting that soiled "expert opinion" you're pushing, because at the very least you are deranged for smearing those concerns as "paranoid" against the backdrop of massive government spying we see today.

            • In the early days, MS focused upon features more than security, as that is what the customers responded to. About the same as the current "Web 2.0", which is essentially untrustworthy by design.

              Once security problems became a customer concern, MS moved on it. Indeed, MS is being subjected to considerable criticsm in Vista and Server 2008 for overinvesting in security with respect to neat new features. There is always the feature / security tradeoff. You can configure your system for security, minimizing t

              • Re: (Score:3, Interesting)

                by Burz ( 138833 )

                Indeed, MS is being subjected to considerable criticsm in Vista and Server 2008 for overinvesting in security with respect to neat new features.

                Certainly if you count the performance-killing DRM features as "security". Most of us here are talking about the users' security, not Hollywood's.

                Of course, the presence of DRM itself throws their crypto incompetence into high relief.

                The Secure Development Lifecycle process that was introduced a few years ago has a cryptographic portion that requires crypto usage to conform to reasonable standards...

                I know of one MS systems architect who thinks that SSL is broken (but of course, no evidence is ever forthcoming). They are FUD-spewing charlatans, and you believe in them.

                Do tell us more about Microsoft's reasonable "standards". Is it anything like what they are doing with k

          • by Kidbro ( 80868 )

            I don't have to prove it. Not only that, but you wouldn't believe me if even if the code was released - after all, how do you know that the code corresponds to the actual binary?

            You don't need to trust the binary if you have the source. You compile your own, and use that one. I know we're going off on a tangent here, but this is exactly why closed source software can't be trusted when open source software can.

            I'm not arguing any other point you make though.

            • Re: (Score:3, Interesting)

              by secPM_MS ( 1081961 )
              That is not good enough. The attack can be in the compiler or other tools in the build environment. Such attacks have been demonstrated. That is why I mentioned the CC issue. The evaluation laboratories have access to the source, have competent security staff, and are "trusted" by both the customer and the manufacturer to accurately represent what they have found.

              For all the talk about closed source, a rather large number of customers, including numerous governments, has read access to the Windows Source

      • I disagree about making snooping warrants obsolete. Prosecutors love (and, many times, need) redundant evidence to make sure the accused it put away for a long time.
      • by dvice_null ( 981029 ) on Monday December 17, 2007 @05:18PM (#21731944)
        > As for backdoors, anybody who is paranoid about this issue will ignore or disbelieve me when I say that there is no backdoor that I am aware of.

        I can believe that you don't know, but would they really tell you if there were such backdoors?

        > Governments both in the US and elsewhere do this, which suggests that no backdoor is available.

        If you had a backdoor which allows you to access remote computers anywhere would you
        a) Tell everyone that you can do it
        b) Use some dummy keyloggers and malware to suggests that you can't do it
      • Let's walk through these expert comments one step at a time:

        Anybody who is paranoid about this issue

        Did you see what just happened there? This is a clever sleight of words used to disparage and marginalize anyone who questions his premise. Disagree? Put on your tin foil hat and go to the psych ward. There's no room for discussion or even consideration of alternatives. Based on my direct, but very distant experience, Bruce is right in calling the backdoor.

        The Common Criterial evaluators look for such is
        • EAL is not about security features, it is about assurance levels. In the case of EAL4, the evaluators have access to the source code and design docs and they go through looking for issues and devising tests that the evaluation lab can use to ascertain that the code behaves as expected. The reason I mentioned CC is that the CC evaluation lab has source level access to the system, not that the CC evaluation raises the security functionality. Indeed, in general you will find that the evaluated configuration of
      • by pizpot ( 622748 )
        ...Governments both in the US and elsewhere do this, which suggests that no backdoor is available.

        If you ignore reality then yeah. Try thinking "spy first, warrent later" and you will be in the right league. Trolling has become too important to give up.
      • Re: (Score:3, Insightful)

        As for backdoors, anybody who is paranoid about this issue will ignore or disbelieve me when I say that there is no backdoor that I am aware of. The Common Criterial evaluators look for such issues and submit issues for fixing if and when they find them.

        I don't think you understand the issue here. Nobody is claiming that this represents a backdoor in Microsoft's code. The issue is that the approved parameters for the algorithm Dual_EC_DRBG could be a back door.

        Essentially, Dual_EC_DRBG is a public-key encryption algorithm* disguised as a random number generator. The NIST parameters are a public key. The generator has some painfully-generated random internal state. It steps by encrypting* using the internal state as a parameter. It outputs the cipher

    • To follow up on the poster's point, I've believed that there's been collusion between MS and the Government since GWB's quick settlement of the anti-trust case, and my "tin-foil hat" is not looking so silly any more. At the same time he's wrangling with the telcos to get access to domestic phone records and calls (as the NYT points out, almost immed. after he enters office), he's most likely wrangling with MS to get back doors installed. At least that's what I'd do, and I'm possibly of "normal" intelligen
  • Well... (Score:2, Redundant)

    I worry more about the 0-day backdoors in Vista than I do about the NSA backdoors.
  • by Nom du Keyboard ( 633989 ) on Monday December 17, 2007 @04:23PM (#21731074)
    You're concerned about security, and you're using WINDOWS VISTA???
    • Re: (Score:3, Funny)

      by rucs_hack ( 784150 )
      You're concerned about security, and you're using WINDOWS VISTA???

      Thats because is is an hero..
    • Well yeah. It IS the "Most Secure Windows" EVAR. Says so right on the box.
      • Well yeah. It IS the "Most Secure Windows" EVAR. Says so right on the box.

        And you know what? It's actually true.

        But the "most secure Windows ever" is kind of like the "most stylish haircut Bill Gates has ever had" or "most evolved species that Steve Ballmer resembles".

    • Assuming the poster is being forced to use Windows, then yeah, DUH!

      There are many features in Vista (such as Bitlocker) that are great security improvements over XP. Yes, Vista is a slow, buggy P.O.S. compared to XP, but it is MORE secure than XP.

  • it's true (Score:5, Funny)

    by circletimessquare ( 444983 ) <circletimessquar ... m minus math_god> on Monday December 17, 2007 @04:25PM (#21731122) Homepage Journal
    i seeded the dual_EC-DRBG with the following ASCII strings the and got the following output in ASCII:

    missionaccomplished -> LOL

    waterboard -> buckshottotheface

    osamabinladen -> loofahnotfalafel

    iraq -> vietnam
  • No surprise here (Score:2, Interesting)

    by Anonymous Coward
    No surprise, really. After all, Microsoft did this a long time ago (remember the whole "NSA KEY" fiasco?)

    http://en.wikipedia.org/wiki/NSAKEY [wikipedia.org]
  • by denis-The-menace ( 471988 ) on Monday December 17, 2007 @04:29PM (#21731188)
    Is this "feature" back-ported to XP SP3, too?
    SP3 is supposed to have some of Vista's most useful features as well as all previous bug fixes.
    Would a shame to ruin a good service pack that speeds up XP by 10%.
  • Why... (Score:4, Funny)

    by Basilius ( 184226 ) on Monday December 17, 2007 @04:38PM (#21731342)
    ...does every article about Vista make me less likely to ever use it? Aren't things like this supposed to _improve_ with time?
    • because this is Slashdot! Did you really expect a "Vista is GREAT" article? Not that they exist.
    • sensationalist pseudo-journalism?

      If you want an informed opinion about vista, slashdot is not the place to get it. Microsoft was in a tough place for this release. The more mandatory access controls they implemented, the more it broke legacy code. In the end they decided security was more important than backwards compatibility in most cases.

      It's not perfect, and I'm not switching away from linux anytime soon, but at least microsoft is trying.
  • by rrkap ( 634128 ) on Monday December 17, 2007 @04:41PM (#21731384) Homepage
    So, let's review:

    1. Government introduces a new cryptography standard (which it will presumably require for some applications) that requires that systems provide a choice of 4 random number generators, one of which MAY have a flaw.
    2. Manufacturers implement the new standard.
    3. Grand conspiracy!!!

    Come on, could it just possibly be that Microsoft wants to be able to claim to be NIST 800-90 compliant for customers who want that kind of thing and that the NSA likes the idea of there being a variety of random number generators available? The only way that making this function available is a risk is the NSA also has control of the application and can force it to call this random number generator without properly seeding it. If they have that level of control, they have enough control to do whatever else they want in a much more direct way.
  • by Doc Ruby ( 173196 ) on Monday December 17, 2007 @04:41PM (#21731398) Homepage Journal
    What kind of commie doesn't just trust the NSA? I mean, we've got a FISA to protect us from the government and from corporations cooperating with rogue regimes [slashdot.org], right?
  • ...because this one seems too obvious. So, perhaps the NSA crypto folks have a couple of found back doors in some of the other algorithms, and this is a bit of misdirection to keep people from noticing what they really intend to use... :)
  • by gillbates ( 106458 ) on Monday December 17, 2007 @05:07PM (#21731790) Homepage Journal

    Have any expectation of privacy or security in the first place?

    IIRC, some of the key SCOTUS decisions regarding the Fourth Amendment have centered around a person's expectation of privacy. They've argued:

    • That someone doesn't have a reasonable expectation of privacy regarding their garbage.
    • That email doesn't have a reasonable expectation of privacy...
    • That a person's car is subject to Fourth Amendment protection.

    That said, the government could persuasively argue that someone who runs Windows, especially Vista, has no expectation of privacy in the first place:

    • More malware and trojans run on Windows than Mac and Linux combined. In fact, there are more viruses available for Windows than there are editors - even applications - for Linux.
    • Microsoft has continued a trend of introducing software with gaping holes for that past 10 years. No OS vendor in the last decade has produced a less secure OS than Microsoft. Surely the user must be aware of this, and have accepted the risk.
    • Users accept the Windows EULA, which, among other things, allows Microsoft to remotely check Windows for proper activation - so they already have given up their privacy to a corporation.

    Now the sad thing is that this does come across as a troll, but sadly, it's true. And it needs to be addressed. For some reason, the /. crowd thinks it is acceptable that a majority of the population uses an OS which is horribly less secure than the ones we ourselves use (Linux, Macs, etc...). We're supposed to be the technical ones who have the solution to these problems, and yet, most /.ers just choose to blame the victim and whine about Microsoft being evil. Granted, we already know that.

    Is it really acceptable that our collective rights are surrendered because a major corporation finds more profit in insufficient design and testing of its software? I realize that most of you loathe Windows, but unless we actually do something to fix the social barriers to the adoption of Linux, we can expect that, because Windows is so insecure, our government will be able to convince SCOTUS that a computer user has no "reasonable expectation of privacy".

    It doesn't matter so much that this PRNG is insecure. A knowledgeable cryptographer isn't going to trust the OS for random numbers, anyway - unless it is in compliance with some standard to which their code must comply. What matters is that Vista is full of holes, and we're talking about a PRNG which no software of cryptographical consequence is going to use anyway.

    Instead, we ought to worry that Windows itself is easily compromised by the government. That is the real problem. Why would you break the PRNG when you can rootkit even a fully patched Vista box with an email?.

    • That email doesn't have a reasonable expectation of privacy...

      Afaik, this issue has only reached the federal appeals court level, and they ruled that email does have a reasonable expectation of privacy.

      The reason, as us techie guys so often forget, is that the "reasonable expectation" has nothing to do with the technical feasibility of someone violating your privacy. It has much more to do with social norms, the intent of the user, and active steps being taken by the privacy-violator. It doesn't mean that
    • I can have my car (and pretty much any Ford before about 1998) unlocked and started in less than 30 seconds with a screwdriver and a slimjim, and I don't have to get anybody to click "Yes" to do it. Not only that, but I could put it all back together with no damage! Furthermore, most cars are built like this.

      Why, if we use your logic, is my car protected?
      • Well, let's extend your analogy: Suppose you bought a Jeep. Would you expect the contents in the back to be safe from theft, or inspection by law enforcement? Vista is that Jeep - it exposes your personal life to anyone who wants to have a look, breaks down a lot, costs a lot to maintain, and leaves the user exposed to anything hostile coming its way.

    • Re: (Score:2, Insightful)

      > For some reason, the /. crowd thinks it is acceptable that a majority of the population uses an OS which is horribly less secure than the ones we ourselves use (Linux, Macs, etc...).

      You haven't done a survey so you don't know the usage. I'd imagine more than half of the /. crowd are gamers and thus satisfy their guilty pleasures on a vista box. There is a lot of complaining about vista here simply because that is the major OS of /. Your points are valid, but they are largely falling on ears deafened by
    • Re: (Score:3, Insightful)

      by Burz ( 138833 )
      I agree with the overall thrust of your post, BUT:

      unless we actually do something to fix the social barriers to the adoption of Linux

      ...seems to imply the problem mainly lies with society in general. But the problem is basically within the Linux community: You are trying to sell people on nothing. [slashdot.org] At least nothing they can grasp, being non-sysadmins and non-programmers.

      Contrast the product structure of "Linux" with more successful FOSS projects like Firefox and OpenOffice, and learn the lesson well... or be content watching MS not only rebound in desktop share, but use that to eventually

  • by deweycheetham ( 1124655 ) on Monday December 17, 2007 @05:12PM (#21731864)
    Supporting Information from Original Author:

    |Cryptanalytic Attacks on Pseudorandom Number Generators

    J. Kelsey, B. Schneier, D. Wagner, and C. Hall

    Fast Software Encryption, Fifth International Workshop Proceedings (March 1998), Springer-Verlag, 1998, pp. 168-188.

    ABSTRACT: In this paper we discuss PRNGs: the mechanisms used by real-world secure systems to generate cryptographic keys, initialization vectors, "random" nonces, and other values assumed to be random. We argue that PRNGs are their own unique type of cryptographic primitive, and should be analyzed as such. We propose a model for PRNGs, discuss possible attacks against this model, and demonstrate the applicability of this model (and our attacks) to four real-world PRNGs. We close with a discussion of lessons learned about PRNG design and use, and a few open questions. | http://www.schneier.com/paper-prngs.html [schneier.com]

    If you have been keeping up with computer security, everyone should be aware of the weakness of Random Number generators and it's vast effects over large sections of the computer world. This is not trivial...

  • Worth Noting (Score:2, Interesting)

    by Anonymous Coward
    The talk [cr.yp.to] referenced by Schneier in his essay [schneier.com] as being the one that publicly disclosed the backdoor was given by two Microsoft researchers. So all the "OMG micro$oft iz so stoopid" posts might be a bit .... misdirected.
    • The talk [cr.yp.to] referenced by Schneier in his essay [schneier.com] as being the one that publicly disclosed the backdoor was given by two Microsoft researchers. So all the "OMG micro$oft iz so stoopid" posts might be a bit .... misdirected.

      Shhhh! That's not the way to bash Vista! Regardless, I was wondering when this little fact would spring up, and lo and behold it is by an AC after hundreds of 'stupid microsoft' quips.

      Let us all eat a large slice of humble pie.

  • The obvious joke here is that its a lot of trouble to go after the 12 people still using Vista. Baddump-bump!

    But seriously, this is a continuation of Microsoft's vendor-first, consumer-second approach.

  • This kind of reminds me of the old days of computing where random number generators simply cycled through a fixed series of values that would be repeated over and over each time you powered up the computer. One fun exploit of these early random number generators was to place two identical computers on the same circuit, then flip the switch causing both machines to boot simultaneously. Assuming the factors were reasonably identical, you could simultaneously launch any program that used random numbers and use
  • If true, do you really think Microsoft would 'want' to do this? They have been pretty strong privacy advocates, especially Gates, denying even backdoor access for Bitlocker in a fight several years ago when bitlocker was demonstrated to the FBI.

    If the government is FORCING MS to do this, then we should be calling our representatives and not sitting around speculating or smacking on Microsoft.

    The whole big brother NSA thing is very much a Republican/Bush/Neo-con era mechanism, and Gates and lots of others a

New crypt. See /usr/news/crypt.

Working...