New Vista Random Numbers to Include NSA Backdoor?
Schneier is reporting that Microsoft has added the new Dual_EC_DRBG random-number generator to Vista SP1. This random-number generator is the same one discussed earlier that may have a secret NSA backdoor built into it.
From the article (Score:3, Insightful)
Clever! (Score:5, Insightful)
Re:Much Ado About Nothing (Score:5, Insightful)
As an American, that doesn't make me feel a whole lot better -- in some ways, I'd really like to have the secret agencies of so many spy movies rather than the massive bureaucratic pile that I know exists in reality -- but disappointment in government is something I've gotten used to. You don't last long in Washington without it.
OK, this is just stupid. (Score:5, Insightful)
1. Government introduces a new cryptography standard (which it will presumably require for some applications) that requires that systems provide a choice of 4 random number generators, one of which MAY have a flaw.
2. Manufacturers implement the new standard.
3. Grand conspiracy!!!
Come on, could it just possibly be that Microsoft wants to be able to claim to be NIST 800-90 compliant for customers who want that kind of thing and that the NSA likes the idea of there being a variety of random number generators available? The only way that making this function available is a risk is the NSA also has control of the application and can force it to call this random number generator without properly seeding it. If they have that level of control, they have enough control to do whatever else they want in a much more direct way.
Re:Given the known problems of Dual_EC_DRBG (Score:3, Insightful)
Customers who want to use the ECC generator can choose to use it. This is rather like turning on FIPS mode.
As for backdoors, anybody who is paranoid about this issue will ignore or disbelieve me when I say that there is no backdoor that I am aware of. The Common Criteria evaluators look for such issues and submit issues for fixing if and when they find them. Other governments are not going to be willing to buy a system with an NSA backdoor. From a more practical demonstration point of view, if there was a backdoor, governments would not need to get warrants for inserting hardware keyloggers or custom malware on systems to access system information. Governments both in the US and elsewhere do this, which suggests that no backdoor is available.
Re:Conspiracy theorists come forth! Now it the tim (Score:5, Insightful)
This has absolutely nothing to do with open or closed source. A completely open source random number generator would have precisely the same vulnerability, because the problem isn't potential skulduggery by the vendor, it's potential skulduggery by the people who designed the standard.
What Microsoft has done is to implement a questionable standard. It makes no sense in this case to blame them for its shortcomings, especially since developers have alternative standards they can use.
Now when it comes to application software using a random number generator, then there actually is a closed/open source argument to be made. Do you know which random number generator is used by the software you use? With closed source, almost certainly not. With open source, programmers can undo the choice of the dodgy elliptic curve RNG and replace it with a more solid, equally standards-compliant alternative. And get a speed boost too. You also know that you might not want to trust the source for your software if they use the inferior algorithm.
Re:Fuck You AmeriKKKa! (Score:2, Insightful)
I'm 24 years old. I don't want to go through the next 50 years of my life living in an international air of worry and uncertainty. I don't want to live in a permanent state of fear, generated by a megalomaniacal American government taking advantage of the majority low-IQ populace's capacity for being brainwashed.
Can I suggest you up your meds? Your current dosage isn't doing its job.
Re:Given the known problems of Dual_EC_DRBG (Score:5, Insightful)
As another poster said, where in the OS is this used? Do you know? Does anyone but Microsoft?
Re:Given the known problems of Dual_EC_DRBG (Score:5, Insightful)
Re:Really... (Score:4, Insightful)
Re:Given the known problems of Dual_EC_DRBG (Score:4, Insightful)
Look at the FIPS and CC documentation. Governments do use these systems in security critical environments, but they configure them very carefully. There is configuration data available on how to configure systems for security critical environments. Selecting your random number generator is one of the things you can do.
The staff working on this are noted cryptographers who do know what they are doing. I have been working with the cryptographers at Microsoft for some time and I have been working in crypto related areas for > 20 years.
Re:Given the known problems of Dual_EC_DRBG (Score:5, Insightful)
I can believe that you don't know, but would they really tell you if there were such backdoors?
> Governments both in the US and elsewhere do this, which suggests that no backdoor is available.
If you had a backdoor which allows you to access remote computers anywhere would you
a) Tell everyone that you can do it
b) Use some dummy keyloggers and malware to suggest that you can't do it
Re:speaking of backdoors... (Score:2, Insightful)
Well surely that implies he'll not have time to work either? So who's going to earn money to feed them and pay the mortgage? I assume it's the African-Americans mentioned in the story - if so, why not mention this benevolence in the story - surely it's a mitigating factor? Frankly, I'm beginning to suspect the telling of this story has a racist bias.
Stop the Senseless Moderation! (Score:3, Insightful)
Anybody who is paranoid about this issue
Did you see what just happened there? This is a clever sleight of words used to disparage and marginalize anyone who questions his premise. Disagree? Put on your tin foil hat and go to the psych ward. There's no room for discussion or even consideration of alternatives. Based on my direct, but very distant experience, Bruce is right in calling the backdoor.
The Common Criteria evaluators look for such issues
They do? Really? Anyone that has undergone EAL evaluation knows it's a giant tree-killing documentation project above all. I don't want to bore anyone with the details of CC evaluation, but it's not a credible rebuttal to the issue. The meat of the matter from wikipedia: "Higher EAL levels do not necessarily imply "better security", they only mean that the claimed security assurance of the TOE has been more extensively validated." http://en.wikipedia.org/wiki/Common_Criteria
As another post so insightfully states, there's no reason why, IF some project actually needs the feature, they can't install it as a library. Just like we all do for openssl on windows.
Re:Given the known problems of Dual_EC_DRBG (Score:3, Insightful)
I'll heed Schneier's concerns over your shilling any day. I'd set his words to music before accepting that soiled "expert opinion" you're pushing, because at the very least you are deranged for smearing those concerns as "paranoid" against the backdrop of massive government spying we see today.
Re:Does anyone who uses Vista... (Score:2, Insightful)
You haven't done a survey so you don't know the usage. I'd imagine more than half of the
Re:Clever! (Score:3, Insightful)
That's true. That does not imply that any criticism is paranoid. It is possible for a subject to be criticized legitimately by some people, and delusionally by others. He's referring to those who always lose arguments due to Godwin's law.
Re:Does anyone who uses Vista... (Score:3, Insightful)
Contrast the product structure of "Linux" with more successful FOSS projects like Firefox and OpenOffice, and learn the lesson well... or be content watching MS not only rebound in desktop share, but use that to eventually kick FOSS out of the server space as well. MS already has the cooperation of governments to standardize on Active Directory for Internet/Web logins! Think about that.
In short, by referring to "Linux" as anything more than a kernel, you are leading all sorts of people (even programmers from the end-user application space) into a great deal of unexpected confusion, denying them a stable computing platform in the process... a platform that could have been a viable alternative to Redmond's greedy mendacity. It is as if we all started referring to any browser or other program with Gecko in it as "Firefox", and millions of people put those "Firefox" distros on the shelf intending to switch over "someday".
The Linux geekdom think they are so intelligent; In truth they've yet to learn even how to speak. Count me off that bandwagon.
Re:Given the known problems of Dual_EC_DRBG (Score:3, Insightful)
Essentially, Dual_EC_DRBG is a public-key encryption algorithm* disguised as a random number generator. The NIST parameters are a public key. The generator has some painfully-generated random internal state. It steps by encrypting* using the internal state as a parameter. It outputs the ciphertext*. It sets the plaintext* as the next state. To recover the next state, or even to distinguish the next state from random*, is equivalent to breaking the encryption algorithm. EC-DH is a pretty well-respected algorithm, so probably nobody is going to break it. This would imply that the DRBG is secure, i.e. nobody else can distinguish it from actual random numbers.
*Not quite accurate, but a full explanation would be an automatic TL;DR.
Unless, of course, the government (or someone else) has the private key (the "back door") corresponding to that public key. They probably don't, but they almost certainly can't prove it. Since Dual_EC_DRBG is slow, only paranoid people would recommend it anyway. Because of the potential back door, no cryptographer thinks you should use it, but Microsoft has included it anyway. This is probably to say they meet some government standard, but it's causing a tempest in a teapot, possibly because it reminds people of the whole _NSAKEY mess.
And yes, I am a cryptographer.
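Added worked example (not from the thread, and not Microsoft's or NIST's code): a toy Dual_EC_DRBG that makes the "public key disguised as an RNG" point above concrete. It follows the SP 800-90A step structure (state s becomes x(s*P), output is the truncated x-coordinate of s*Q) and then shows what someone holding the secret relation e with P = e*Q can do: from one output recover the point s*Q, multiply by e to get s*P, read off the next state, and predict every later output. Assumptions that are mine, not the page's: the curve is secp256k1 rather than the P-256 used by the standard (its parameters are shorter and widely published), only 8 high bits are dropped per output instead of the real 16 so the brute-force loop stays fast in pure Python, the value e and the seed are constructed for the demo, and seeding, reseeding and additional-input handling are omitted.

```python
# Toy Dual_EC_DRBG plus the "known e" state recovery. Added illustration only;
# constants below are secp256k1, not the P-256 / fixed-Q parameters of SP 800-90A.

P_MOD = 2**256 - 2**32 - 977          # secp256k1 field prime (p = 3 mod 4)
A, B = 0, 7                           # secp256k1: y^2 = x^3 + 7
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
DROP_BITS = 8                         # toy value; the real DRBG drops 16 of 256 bits
OUT_MASK = (1 << (256 - DROP_BITS)) - 1
INF = None                            # point at infinity


def on_curve(pt):
    x, y = pt
    return (y * y - (pow(x, 3, P_MOD) + A * x + B)) % P_MOD == 0


def ec_add(p1, p2):
    """Affine point addition; handles doubling and the point at infinity."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                    # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc, addend = INF, pt
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc


class DualEC:
    """One output step as in Dual_EC_DRBG: s <- x(s*P); output <- trunc(x(s*Q)).
    Seeding/reseeding/additional input are left out of this toy."""

    def __init__(self, seed, P, Q):
        self.s = seed % P_MOD
        self.P, self.Q = P, Q

    def next_output(self):
        self.s = ec_mul(self.s, self.P)[0]
        return ec_mul(self.s, self.Q)[0] & OUT_MASK


def candidate_points(out):
    """Every curve point whose truncated x-coordinate equals `out`."""
    for hi in range(1 << DROP_BITS):
        x = out | (hi << (256 - DROP_BITS))
        if x >= P_MOD:
            continue
        y2 = (pow(x, 3, P_MOD) + A * x + B) % P_MOD
        y = pow(y2, (P_MOD + 1) // 4, P_MOD)   # sqrt works because p = 3 mod 4
        if y * y % P_MOD == y2:
            yield (x, y)              # (x, -y) gives the same x(e*R); one is enough


def recover_state(out_i, out_next, e, Q):
    """Holder of e with P == e*Q: e*(s_i*Q) == s_i*P, whose x-coordinate is the
    next internal state. The candidate is confirmed against output i+1."""
    for R in candidate_points(out_i):
        S = ec_mul(e, R)
        if S is INF:
            continue
        s_next = S[0]
        if ec_mul(s_next, Q)[0] & OUT_MASK == out_next:
            return s_next
    return None


def demo():
    """Returns (the victim's 3rd and 4th outputs, the attacker's predictions)."""
    Q = (GX, GY)
    e = 0x1337C0DE                    # hypothetical secret relation, chosen here
    P = ec_mul(e, Q)                  # P and Q are what a standard would publish
    victim = DualEC(seed=0xC0FFEE, P=P, Q=Q)   # constructed seed
    outs = [victim.next_output() for _ in range(4)]
    s = recover_state(outs[0], outs[1], e, Q)  # attacker saw only outs[0], outs[1]
    clone = DualEC(seed=s, P=P, Q=Q)
    predicted = [clone.next_output() for _ in range(2)]
    return outs[2:], predicted


if __name__ == "__main__":
    later, predicted = demo()
    print("prediction correct:", later == predicted)
```

Without e the attacker faces the same elliptic-curve discrete log problem that protects ECDH, which is the "secure unless someone holds the private key" point the post makes; with e, two outputs are enough to clone the generator. The same recovery works if the relation is written the other way (Q = d*P) by using e = d^-1 mod the group order.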