Slashdot Mirror
New Vista Random Numbers to Include NSA Backdoor?
Schneier is reporting that Microsoft has added the new Dual_EC-DRBG random-number generator to Vista SP1. This random-number generator is the same one discussed earlier that may have a secret NSA backdoor built into it.
"It's not enabled by default, and my advice is to never enable it. Ever."
I see what you did there. You implied that anyone who criticizes the US or Vista is a paranoid loony. Now why would you do that? Do you just assume that people will criticize the US? Is the US that worthy of criticism that you have to defend it preemptively? I know that's a popular tactic these days, but is it entirely necessary? Nice how you posted AC, too. You sir are an all-around class act.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Agreed. The only interesting thing about this whole story is that the NSA apparently reviewed the PRNG function and rubber-stamped it, missing the critical vulnerability. Since the vulnerability really isn't that good of a backdoor, and doesn't seem to have been all that subtle, I think this is far more likely to be incompetence rather than malice on their part.
As an American, that doesn't make me feel a whole lot better -- in some ways, I'd really like to have the secret agencies of so many spy movies rather than the massive bureaucratic pile that I know exists in reality -- but disappointment in government is something I've gotten used to. You don't last long in Washington without it.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
So, let's review:
1. Government introduces a new cryptography standard (which it will presumably require for some applications) that requires that systems provide a choice of 4 random number generators, one of which MAY have a flaw.
2. Manufacturers implement the new standard.
3. Grand conspiracy!!!
Come on, could it just possibly be that Microsoft wants to be able to claim to be NIST 800-90 compliant for customers who want that kind of thing and that the NSA likes the idea of there being a variety of random number generators available? The only way that making this function available is a risk is the NSA also has control of the application and can force it to call this random number generator without properly seeding it. If they have that level of control, they have enough control to do whatever else they want in a much more direct way.
I like my beverages with warning labels!
Customers who want to use the ECC generator can choose to use it. This is rather like turning on FIPS mode.
As for backdoors, anybody who is paranoid about this issue will ignore or disbelieve me when I say that there is no backdoor that I am aware of. The Common Criterial evaluators look for such issues and submit issues for fixing if and when they find them. Other governments are not going to be willing to buy a system with a NSA backdoor. From a more practical demonstration point of view, if there was a backdoor, governments would not need to get warrants for inserting hardware keyloggers or custom malware on systems to access system information. Governments both in the US and elsewhere do this, which suggests that no backdoor is available.
I disagree.
This has absolutely nothing to do with open or closed source. A completely open source random number generator would have precisely the same vulnerability, because the problem isn't potential skulduggery by the vendor, it's potential skulduggery by the people who designed the standard.
What Microsoft has done is to implement a questionable standard. It makes no sense in this case to blame them for its shortcomings, especially since developers have alternative standards they can use.
Now when it comes to application software using a random number generator, then there actually is a closed/open source argument to be made. Do you know which random number generator is used by the software you use? With closed source, almost certainly not. With open source, programmers can undo the choice of the dodgy elliptic curve RNG and replace it with a more solid, equally standards compliance alternative. And get a speed boost too. You also know that you might not want to trust the source for your software if they use the inferior algorithm.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Who even says that at an RNG has to be at the OS level? If NSA or its customers want to use Dual_EC_DRBG, there is nothing stopping them from doing so on Vista or any other OS.
As another poster said, where in the OS is this used? Do you know? Does anyone but Microsoft?
My blog
My blog
What you're essentially proposing is encrypting the same data twice, first with the questionable algorithm, then with another algorithm of your choice. If that's the case, you might as well just encrypt it with the second algorithm, hopefully more complicated than just shifting and adding. ;)
More Twoson than Cupertino
Look at the FIPS and CC documentation. Governments do use these systems in security critical environments, but they configure them very carefully. There is configuration data available on how to configure system for security critical environments. Selecting your random number generator is one of the things you can do.
The staff working on this are noted cryptographers who do know what they are doing. I have been working with the cryptographers at Microsoft for some time and I have been working in crypto related areas for > 20 years.
> As for backdoors, anybody who is paranoid about this issue will ignore or disbelieve me when I say that there is no backdoor that I am aware of.
I can believe that you don't know, but would they really tell you if there were such backdoors?
> Governments both in the US and elsewhere do this, which suggests that no backdoor is available.
If you had a backdoor which allows you to access remote computers anywhere would you
a) Tell everyone that you can do it
b) Use some dummy keyloggers and malware to suggests that you can't do it