Crypto 'backdoor' in Vista SP1

Value your privacy? Perhaps Windows isn't the right choice for you.

Microsoft is to ship a random number generator with a known weakness in Windows Vista Service Pack 1, a weakness which security researchers have described as a possible 'back door'. At worst, whoever holds the secret behind it could predict the generator's output and so recover keys drawn from it, decrypting EFS-protected data and SSL sessions such as those used for internet banking and World of Warcraft logons.

It's not all doom and gloom, however: the suspect RNG will be bundled with a second, more trustworthy generator, which is the one selected by default. It does make you wonder why Microsoft have bothered implementing the flawed version, known as Dual_EC_DRBG, at all.

The algorithm, standardised by the American National Institute of Standards and Technology in Special Publication 800-90 (an agency which, for you paranoiacs out there, works closely with the No Such Agency), is based on elliptic-curve mathematics and uses two fixed points on the curve, P and Q, as its constants: the generator's internal state is stepped with P and its output is derived with Q. Security researchers Dan Shumow and Niels Ferguson have shown that these two constants may have a special relationship to a second, secret number. If Q was chosen as a secret multiple d of P, then whoever knows d (or its inverse e, for which P = e·Q) holds a skeleton key, and nobody but the person who picked the constants can tell whether such a d exists.

In practice, anyone who holds that number needs only about 32 bytes of the generator's output to recover its internal state, after which every 'random' number it goes on to produce is predictable. Which has cryptologists such as Bruce Schneier suitably worried.
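A worked toy version of the attack sketched above, added here as an illustration and not taken from the article, from Microsoft or from NIST: it plants a secret relation Q = d·P on a tiny curve, runs the Dual_EC_DRBG step (r = x(sP), new state x(rP), output x(rQ) with its top bits dropped), and then shows that someone holding e = d⁻¹ can take three consecutive outputs, guess the dropped bits, recover the internal state and predict everything that follows. Everything numeric is an assumption chosen for illustration: the 10-bit field prime 1009, the curve y² = x³ + 2x + 3, the trapdoor d, the seed 12345, and dropping 2 bits per output where the real generator on NIST P-256 drops 16 (so the real attacker has 65536 guesses rather than 4).

```python
import math

P_MOD = 1009                      # assumed toy field prime (10 bits)
A, B = 2, 3                       # assumed curve y^2 = x^3 + A*x + B over F_p
INF = None                        # point at infinity
DROP_BITS = 2                     # bits of x dropped from each output (real DRBG: 16)
OUT_MASK = (1 << (P_MOD.bit_length() - DROP_BITS)) - 1

def inv(x):
    return pow(x % P_MOD, -1, P_MOD)

def add(p1, p2):
    """Affine point addition on the toy curve."""
    if p1 is INF or p2 is INF:
        return p2 if p1 is INF else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                # p1 == -p2 (also covers the y == 0 points)
    lam = (3 * x1 * x1 + A) * inv(2 * y1) if p1 == p2 else (y2 - y1) * inv(x2 - x1)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def lift_x(x):
    """Some point with this x-coordinate, or None (brute-force root: fine for 10 bits)."""
    rhs = (x * x * x + A * x + B) % P_MOD
    return next(((x, y) for y in range(P_MOD) if y * y % P_MOD == rhs), None)

def order(pt):
    n, q = 1, pt
    while q is not INF:
        q, n = add(q, pt), n + 1
    return n

def find_base_point(min_order=100):
    """First point of usefully large order, else the largest order seen."""
    best = None
    for x in range(1, P_MOD):
        pt = lift_x(x)
        if pt is None:
            continue
        n = order(pt)
        if n >= min_order:
            return pt, n
        if best is None or n > best[1]:
            best = (pt, n)
    return best

def make_params(d_min=7):
    """Standardiser's side: publish (P, Q) and keep d with Q = d*P to yourself.
    e = d^-1 mod ord(P) is then the skeleton key, because P = e*Q."""
    P, n = find_base_point()
    d = next(k for k in range(d_min, n) if math.gcd(k, n) == 1)   # assumed trapdoor
    return (P, mul(d, P), n), pow(d, -1, n)

def xcoord(k, pt, n):
    """x(k*pt). Toy guard: k == 0 mod n would hit infinity (negligible for 256-bit k)."""
    return mul(k % n or 1, pt)[0]

def step(state, params):
    """One Dual_EC_DRBG iteration: r = x(sP); s' = x(rP); out = x(rQ) truncated."""
    P, Q, n = params
    r = xcoord(state, P, n)
    return xcoord(r, P, n), xcoord(r, Q, n) & OUT_MASK

def generate(state, count, params):
    """Run the generator `count` times from `state` and return the outputs."""
    outs = []
    for _ in range(count):
        state, out = step(state, params)
        outs.append(out)
    return outs

def predict_outputs(observed, e, params, count):
    """Attacker holding e: from three consecutive outputs, recover the internal
    state and predict the next `count`. None if no guess of the dropped bits fits."""
    t1, t2, t3 = observed[:3]
    for guess in range(1 << DROP_BITS):
        x = t1 + guess * (OUT_MASK + 1)       # put the dropped bits back
        if x >= P_MOD:
            break
        R = lift_x(x)                          # R = +-(rQ); the sign cancels in x below
        if R is None:
            continue
        rP = mul(e, R)                         # e*(rQ) = r*(eQ) = rP; x(rP) is the next state
        if rP is INF:
            continue
        seq = generate(rP[0], 2 + count, params)   # regenerate t2, t3 and what follows
        if seq[:2] == [t2, t3]:                    # right guess for the dropped bits
            return seq[2:]
    return None
```

Calling `make_params()`, then `generate(12345, 10, params)` and `predict_outputs(outs[:3], e, params, 7)`, returns exactly the seven numbers the generator goes on to emit. Without e there is no shortcut: getting from x(rQ) back to r is the elliptic-curve discrete logarithm problem, which is why the trapdoor is invisible to anyone who did not choose Q, and why choosing Q verifiably at random would have removed the concern.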

By default Vista SP1 will use the CTR_DRBG algorithm (a counter-mode construction built on the Advanced Encryption Standard), which is thought to be more secure than the possibly-backdoored Dual_EC_DRBG. As a result, a developer would actually have to make a conscious effort to use the suspect algorithm, asking the CNG API for it by name (BCRYPT_RNG_DUAL_EC_ALGORITHM) rather than taking the default generator, and thus put the security of encrypted data at risk.

Still, it's a disquieting thought that the heart of any system designed to offer users privacy could have such a major flaw and still get shipped to end-users.

Thinking about keeping your encrypted data off-net in a locked vault, or is this a load of paranoiacs flapping over nothing? Let us know via the forums.

Cupboard 19th December 2007, 18:46 Quote
Even including it is a bad idea - someone will use it, either accidentally or being secure only for the pretence of being innocent while some data is nicked. It is a broken feature, with no legit use that I can see, that just serves to increase the bloat.

Silly MS... oh well.

Do we know why they didn't just forget about it and quietly remove it?
Starfighter 19th December 2007, 20:22 Quote
So, in order to organise an attack on a computer, a malicious user would have to somehow alter the code of an application, so that it used this flawed PRNG?

This is hardly an issue, as if a malicious user is changing program code, surely he could just make it use his MAGIC_PRNG, which always returns ... 2?

But that would hardly generate a front page story eh?
sendrome 19th December 2007, 21:55 Quote
I don't think this makes Vista less secure.

OK sure the Dual_EC_DRBG has a potential back door, but no one knows for sure who has this second set of secret numbers. We do know that no one has published this "Skeleton Key" yet and there is a chance no one ever will. Also, because it is off by default, average users most likely won't ever enable this setting on purpose or by accident.

But yes, it does make one wonder why MS wouldn't just exclude this flawed encryption.... Conspiracy?
DeXtmL 20th December 2007, 10:53 Quote
Originally Posted by sendrome

But yes, it does make one wonder why MS wouldn't just exclude this flawed encryption.... Conspiracy?

Indeed, why keep this flawed version of the random generator in the not-yet-published SP1? What difficulty makes Microsoft think it's necessary to ship the potential backdoor to us end users?
completemadness 25th December 2007, 00:51 Quote
It's already in Vista (and all other NT-based OSes)

I'm guessing it's not because they've put it in, but because they haven't taken it out
It might actually be difficult to remove it in a Service pack