Slashdot Mirror

← Back to Stories (view on slashdot.org)

No Backdoor in Vista

Posted by ryuzaki0 on from the inappropriate-comments-aplenty dept.

mytrip wrote to mention a C|Net article stating that Vista will not have a security backdoor after all. From the article: "'The suggestion is that we are working with governments to create a back door so that they can always access BitLocker-encrypted data,' Niels Ferguson, a developer and cryptographer at Microsoft, wrote Thursday on a corporate blog. 'Over my dead body,' he wrote in his post titled Back-door nonsense."

7 of 269 comments (clear)

  1. Right. by Fantastic+Lad · · Score: 5, Insightful
    Over my dead body,' he wrote in his post titled Back-door nonsense."

    I suspect the NSA, (who I seem to recall left a few stray tags lying around in a previous version of Windows' code), would look at you dead-pan and agree.


    -FL

    1. Re:Right. by hey! · · Score: 5, Insightful

      I'd be disappointed if NSA ever resorted to anything so crude. NSA is an agency of savants not a mob of freebooting bucaneers. Assasination is so CIA.

      NSA surely is well aware of the way that trust can, unintentionally, propagate. Everybody trusts something; if somebody doesn't want to cooperate, you obtain his unwitting cooperating by coopting something he trusts. Does he personally supervise the building of every release and patch? Certainly not. He trusts the release process to carry out his intentions. Even if the individuals involved are not cooptable, they trust their compilers to generate object code that is perfectly isomorphic to their source code. Those who do not trust compilers trust their debuggers, disassemblers and operating system utilities.

      Those who do not trust their operating system utilities, and live-boot from randomly chosen operating systems or remove their hard disks and examine them using a hand coded manchine language program on a custom built computer lacking a bios or operating system to be subverted, still trust the network to transfer their object code to the mastering facility, or their optical disk burning software to burn the image accurately. Or they trust the facility to read that data correctly, and to press it as they intended to the distribution media.

      Those who trusted none of this and checked the hard disks by hand coded machine code on a hand wired computer without BIOS or operating system probably deserve assasination, but even so this is hardly necessary, since everyone gets patches over the Internet. A simple black bag job to retrieve the signing keys, and nobody can trust anything anymore.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    2. Re:Right. by Zeinfeld · · Score: 5, Insightful
      I think it's much easier for MS to sack him and then change the code.

      I know Niels, he certainly would not have any difficulty getting another job. He was pretty well known before he went to Microsoft. He was the cryptographer who worked on Two-Fish with Bruce Schneier. Microsoft has been hiring pretty much all the top security talent they can over the past five years.

      Cryptography and data security is pretty much a guild craft. If Niels made such a categoric statement and it turned out to be untrue his personal reputation would be severely damaged. Microsoft can't force him to lie for them and since he works in the Netherlands trying to would be most inadvisable.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
  2. What else would he say? by mangus_angus · · Score: 5, Insightful

    "The suggestion is that we are working with governments to create a back door so that they can always access BitLocker-encrypted data,' Niels Ferguson, a developer and cryptographer at Microsoft, wrote Thursday on a corporate blog. 'Over my dead body,' he wrote in his post titled Back-door nonsense."


    I think we would be reading about his dead body if he came out and admitted that there were backdoors being put into Vista.

  3. "Trust me," he said by replicant108 · · Score: 5, Insightful

    'Over my dead body,' he wrote

    The problem with closed software is that we have to take his word for it.

  4. AHA! by der_joachim · · Score: 5, Insightful

    So it's a secret backdoor. :-)

    --
    Geek runner, motorcyclist and professional know-it-all
  5. ... that he knows of. by dprovine · · Score: 5, Insightful

    Aside from the obvious "what about buffer overruns?" questions, aimed at the usually poor competence Microsoft shows in writing code, there's also "what about cryptographic strength?" question -- maybe the NSA already has a simple and fast way to break whatever encryption BitLocker will end up using.

    And, of course, there may well be several people working at Microsoft who actually work for the NSA or MI-6 or the FSB. (I'd be astonished if there weren't at least a few such people on the Microsoft payroll.) Those people may well do things as described in Reflections on Trusting Trust, without letting their superiors know.