Slashdot Mirror
New Vista Random Numbers to Include NSA Backdoor?
Schneier is reporting that Microsoft has added the new Dual_EC-DRBG random-number generator to Vista SP1. This random-number generator is the same one discussed earlier that may have a secret NSA backdoor built into it.
I guess it's not so secret then, is it?
"I'm just here to regulate funkiness."
"It's not enabled by default, and my advice is to never enable it. Ever."
Given the known problems of Dual_EC_DRBG, which, from the Bruce Schneier article, include the fact that's slow, that it's got an obvious backdoor, and that it was inexplicably pushed for the NSA for seemingly no reason, why would Microsoft add it to Vista SP1?
Now adding the algorithm itself isn't really a backdoor per se, because no one is forcing you to use that particular random number generator. But it is also interesting to note that this isn't the first time Microsoft has been accused of inserting backdoors for the CIA or the NSA. Of course, Microsoft vehemently denies such allegations, but I would assume that they would. Given what the telcos did for the NSA, would anyone be surprised if it really did come out that the NSA actually forced Microsoft to put backdoors in Office or Windows?
My blog
You're concerned about security, and you're using WINDOWS VISTA???
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
i seeded the dual_EC-DRBG with the following ASCII strings the and got the following output in ASCII:
missionaccomplished -> LOL
waterboard -> buckshottotheface
osamabinladen -> loofahnotfalafel
iraq -> vietnam
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
No surprise, really. After all, Microsoft did this a long time ago (remember the whole "NSA KEY" fiasco?)
http://en.wikipedia.org/wiki/NSAKEY
Is this "feature" back-ported to XP SP3, too?
SP3 is supposed to have some of Vista's most useful features as well as all previous bug fixes.
Would a shame to ruin a good service pack that speeds up XP by 10%.
Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
I see what you did there. You implied that anyone who criticizes the US or Vista is a paranoid loony. Now why would you do that? Do you just assume that people will criticize the US? Is the US that worthy of criticism that you have to defend it preemptively? I know that's a popular tactic these days, but is it entirely necessary? Nice how you posted AC, too. You sir are an all-around class act.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Agreed. The only interesting thing about this whole story is that the NSA apparently reviewed the PRNG function and rubber-stamped it, missing the critical vulnerability. Since the vulnerability really isn't that good of a backdoor, and doesn't seem to have been all that subtle, I think this is far more likely to be incompetence rather than malice on their part.
As an American, that doesn't make me feel a whole lot better -- in some ways, I'd really like to have the secret agencies of so many spy movies rather than the massive bureaucratic pile that I know exists in reality -- but disappointment in government is something I've gotten used to. You don't last long in Washington without it.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
What Rights Online?
...does every article about Vista make me less likely to ever use it? Aren't things like this supposed to _improve_ with time?
So, let's review:
1. Government introduces a new cryptography standard (which it will presumably require for some applications) that requires that systems provide a choice of 4 random number generators, one of which MAY have a flaw.
2. Manufacturers implement the new standard.
3. Grand conspiracy!!!
Come on, could it just possibly be that Microsoft wants to be able to claim to be NIST 800-90 compliant for customers who want that kind of thing and that the NSA likes the idea of there being a variety of random number generators available? The only way that making this function available is a risk is the NSA also has control of the application and can force it to call this random number generator without properly seeding it. If they have that level of control, they have enough control to do whatever else they want in a much more direct way.
I like my beverages with warning labels!
What kind of commie doesn't just trust the NSA? I mean, we've got a FISA to protect us from the government and from corporations cooperating with rogue regimes, right?
--
make install -not war
I disagree.
This has absolutely nothing to do with open or closed source. A completely open source random number generator would have precisely the same vulnerability, because the problem isn't potential skulduggery by the vendor, it's potential skulduggery by the people who designed the standard.
What Microsoft has done is to implement a questionable standard. It makes no sense in this case to blame them for its shortcomings, especially since developers have alternative standards they can use.
Now when it comes to application software using a random number generator, then there actually is a closed/open source argument to be made. Do you know which random number generator is used by the software you use? With closed source, almost certainly not. With open source, programmers can undo the choice of the dodgy elliptic curve RNG and replace it with a more solid, equally standards compliance alternative. And get a speed boost too. You also know that you might not want to trust the source for your software if they use the inferior algorithm.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Maybe the NSA could have thought a little harder at entering a back door code. Secret sources have revealed the NSA back door code to be.
up, up, down, down, left, right, left, right, B, A
..........FULL STOP.
Have any expectation of privacy or security in the first place?
IIRC, some of the key SCOTUS decisions regarding the Fourth Amendment have centered around a person's expectation of privacy. They've argued:
That said, the government could persuasively argue that someone who runs Windows, especially Vista, has no expectation of privacy in the first place:
Now the sad thing is that this does come across as a troll, but sadly, it's true. And it needs to be addressed. For some reason, the /. crowd thinks it is acceptable that a majority of the population uses an OS which is horribly less secure than the ones we ourselves use (Linux, Macs, etc...). We're supposed to be the technical ones who have the solution to these problems, and yet, most /.ers just choose to blame the victim and whine about Microsoft being evil. Granted, we already know that.
Is it really acceptable that our collective rights are surrendered because a major corporation finds more profit in insufficient design and testing of its software? I realize that most of you loathe Windows, but unless we actually do something to fix the social barriers to the adoption of Linux, we can expect that, because Windows is so insecure, our government will be able to convince SCOTUS that a computer user has no "reasonable expectation of privacy".
It doesn't matter so much that this PRNG is insecure. A knowledgeable cryptographer isn't going to trust the OS for random numbers, anyway - unless it is in compliance with some standard to which their code must comply. What matters is that Vista is full of holes, and we're talking about a PRNG which no software of cryptographical consequence is going to use anyway.
Instead, we ought to worry that Windows itself is easily compromised by the government. That is the real problem. Why would you break the PRNG when you can rootkit even a fully patched Vista box with an email?.
The society for a thought-free internet welcomes you.
Supporting Information from Original Author:
|Cryptanalytic Attacks on Pseudorandom Number Generators
J. Kelsey, B. Schneier, D. Wagner, and C. Hall
Fast Software Encryption, Fifth International Workshop Proceedings (March 1998), Springer-Verlag, 1998, pp. 168-188.
ABSTRACT: In this paper we discuss PRNGs: the mechanisms used by real-world secure systems to generate cryptographic keys, initialization vectors, "random" nonces, and other values assumed to be random. We argue that PRNGs are their own unique type of cryptographic primitive, and should be analyzed as such. We propose a model for PRNGs, discuss possible attacks against this model, and demonstrate the applicability of this model (and our attacks) to four real-world PRNGs. We close with a discussion of lessons learned about PRNG design and use, and a few open questions. | http://www.schneier.com/paper-prngs.html
If you have been keeping up with computer security, everyone should be aware of the weakness of Random Number generators and it's vast effects over large sections of the computer world. This is not trivial...
"Children so stupid they think America invented the Internet, computer, motor car, light bulb, telephone etc ad infinitum...."
Hmmm.....America invented the:
Internet.....check
Computer.....check...holy crap...modern computing actually has it's roots in TEXAS of all places (see the integrated circuit)...so DOUBLE check
Motor Car....check again...lol - who would have thought, surely SOMETHING on this list was not invented by America
Light Bulb....check again, wow
Telephone.....and....wait for it.......check
ReaLemon is yummy
The talk referenced by Schneier in his essay as being the one that publicly disclosed the backdoor was given by two Microsoft researchers. So all the "OMG micro$oft iz so stoopid" posts might be a bit .... misdirected.
Germany invented the car.
An automobile powered by an Otto gasoline engine was built in Mannheim, Germany by Karl Benz in 1885 and granted a patent in January of the following year under the auspices of his major company, Benz & Cie. which was founded in 1883.
Although several other German engineers (including Gottlieb Daimler, Wilhelm Maybach, and Siegfried Marcus) were working on the problem at about the same time, Karl Benz is generally acknowledged as the inventor of the modern automobile.[5] In 1879 Benz was granted a patent for his first engine, designed in 1878. Many of his other inventions made the use of the internal combustion engine feasible for powering a vehicle and in 1896, Benz designed and patented the first internal combustion flat engine.
Approximately 25 Benz vehicles were built and sold before 1893, when his first four-wheeler was introduced. They were powered with four-stroke engines of his own design. Emile Roger of France, already producing Benz engines under license, now added the Benz automobile to his line of products. Because France was more open to the early automobiles, more were built and sold in France through Roger than Benz sold in Germany.
Daimler and Maybach founded Daimler Motoren Gesellschaft (Daimler Motor Company, DMG) in Cannstatt in 1890 and under the brand name, Daimler, sold their first automobile in 1892. By 1895 about 30 vehicles had been built by Daimler and Maybach, either at the Daimler works or in the Hotel Hermann, where they set up shop after falling out with their backers. Benz and Daimler seem to have been unaware of each other's early work and worked independently.
Daimler died in 1900 and later that year, Maybach designed a model named Daimler-Mercedes, special-ordered by Emil Jellinek. Two years later, a new model DMG automobile was produced and named Mercedes after the engine. Maybach quit DMG shortly thereafter and opened a business of his own. Rights to the Daimler brand name were sold to other manufacturers.
Karl Benz proposed co-operation between DMG and Benz & Cie. when economic conditions began to deteriorate in Germany following the First World War, but the directors of DMG refused to consider it initially. Negotiations between the two companies resumed several years later and in 1924 they signed an Agreement of Mutual Interest valid until the year 2000. Both enterprises standardized design, production, purchasing, sales, and advertising--marketing their automobile models jointly--although keeping their respective brands. On June 28, 1926, Benz & Cie. and DMG finally merged as the Daimler-Benz company, baptizing all of its automobiles Mercedes Benz honoring the most important model of the DMG automobiles, the Maybach design later referred to as the 1902 Mercedes-35hp, along with the Benz name. Karl Benz remained a member of the board of directors of Daimler-Benz until his death in 1929.
Telephone was the culmination of the work of several people, and so the nationality of the inventor is in dispute. Bell did most of his work on the telephone in Canada.
The first computer was a German invention (Konrad Zuse's Z3 in 1941).
The first automobile was a French invention (1881).
The light bulb had already been invented by several people, mostly European, before Edison perfected it.
The pursuit of absolute tolerance leads to the most rigorous and ludicrous intolerance. - REX MURPHY
Well surely that implies he'll not have time to work either? So who's going to earn money to feed them and pay the mortgage? I assume it's the African-Americans mentioned in the story - if so, why not mention this benevolence in the story - surely it's a mitigating factor? Frankly, I'm beginning to suspect the telling of this story has a racist bias.
Let's walk through these expert comments one step at a time:
Anybody who is paranoid about this issue
Did you see what just happened there? This is a clever sleight of words used to disparage and marginalize anyone who questions his premise. Disagree? Put on your tin foil hat and go to the psych ward. There's no room for discussion or even consideration of alternatives. Based on my direct, but very distant experience, Bruce is right in calling the backdoor.
The Common Criterial evaluators look for such issues
They do? Really? Anyone that has undergone EAL evaluation knows it's a giant tree-killing documentation project above all. I don't want to bore anyone with the details of CC evaluation, but it's not a creditable rebuttal to the issue. The meat of the matter from wikipedia "Higher EAL levels do not necessarily imply "better security", they only mean that the claimed security assurance of the TOE has been more extensively validated." http://en.wikipedia.org/wiki/Common_Criteria
As another post so insightfully states, there's no reason why, IF some project actually needs the feature, they can't install it as a library. Just like we all do for openssl on windows.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Lol - you know, I actually had a line about Babbage, but deleted it, figuring that there was no need to point out the distinction between what the op was referring to and what Babbage actually designed (but never created).
;)
I think the argument could be made that Bell was in America when the telephone was invented - not conceived.
Regarding the lightbulb - toss up in my opinion. Edison built the first functional working model. Again, the difference between concept and function.
Point taken on the auto's, so I'll submit to Benz, but one also has to look at the timeline / functionality of Selden and the Duryea's vs. the first model of Benz.
Actually, the Internet is the one on the list that I had the most doubt about because there was a lot of work in England as well, even though we mostly recognize ArpaNet as the Internet's birth. Thanks for the reminder to never count on my memory
ReaLemon is yummy
Bzzzt, wrong! Even though he is dead, his guy: http://en.wikipedia.org/wiki/Konrad_Zuse would argue with that.
Wait another dead guy wants a chat - http://en.wikipedia.org/wiki/Karl_Benz - says he invented the automobile.Um, better check your's again, I think its a bit dim if not burnt out. If you refer to Edison, he was not even close to the first to demonstrate what is now known as the incandescent light bulb. http://en.wikipedia.org/wiki/Lightbulb
Well, 2 out of 5 ain't bad right? Well, the telephone is not a sure thing, so lets make it 1.5.
Going on means going far
Going far means returning
"Don't worry, our Chinese contractors assure us there are no NSA backdoors"
Internet: Yeah, we did.
Computer: Arguable, depends on your definition of what constitutes a computer. Take a look at the work of Konrad Zuse. Yes, the US invented the integrated circuit.
Motor Car: No, Benz, Daimler and others invented the car. However, an American, Ford, was the first with an affordable mass-produced car.
Light Bulb: Edison may not have invented the light bulb but he did significantly improve it and mass produced the first long-lived incandescent.
Telephone: Given that telephone is the name of a specific invention by Alexander Graham Bell, yeah, we did. Other inventors claimed to have transmitted sound over wires contemporaneously or nearly so. The courts stood by Bell's patent. Bell was a naturalized citizen of the US so we get to claim him.
The constants were:
4, 8, 15, 16, 23, & 42
Hmmm...
Whether the NSA have the second set of numbers or not is immaterial - the fact that they might have them is sufficient to make this implementation insecure.
Now with OSS, we can change the set of numbers used to one of our own choosing, and use the algorithm with a reasonable expectation of security.
With Vista? Sorry, mate, but there's no way to change the numbers.
Hope that explains why people are concerned about this.
One swallow does not a fellatrix make