Slashdot Mirror
Microsoft Denies It Built Backdoor Into Windows 7
CWmike writes "Microsoft has denied that it has built a backdoor into Windows 7, a concern that surfaced yesterday after a senior National Security Agency (NSA) official testified before Congress that the agency had worked on the operating system. 'Microsoft has not and will not put "backdoors" into Windows,' a company spokeswoman said, reacting to a Computerworld story Wednesday. On Monday, Richard Schaeffer, the NSA's information assurance director, told the Senate's Subcommittee on Terrorism and Homeland Security that the agency had partnered with the developer during the creation of Windows 7 'to enhance Microsoft's operating system security guide.' Thursday's categorical denial by Microsoft was accompanied by further explanation of exactly how the NSA participated in the making of Windows 7. 'The work being discussed here is purely in conjunction with our Security Compliance Management Toolkit,' said the spokeswoman. The company rolled out the Windows 7 version of the toolkit late last month, shortly after it officially launched the operating system."
And they also recommended a couple of changes to DES when it was being developed:
http://www.schneier.com/blog/archives/2004/10/the_legacy_of_d.html
Folks at the time thought it was some nefarious backdoor, but a couple of decades later came to realize it actually improved the security of DES.
I think it's much more likely that the NSA would partner with Microsoft to ensure that Windows is actually more secure
It's not "likely." It's their job.
DES with twice the key length wasn't proportionally stronger, and the speed of computation was important enough that halving the key length with a negligible impact on strength was well advised.
3DES at 168 bits isn't nearly as strong, cryptographically, as AES or many other modern algorithms. Yet many of these algorithms can use 128-bit keys and 128-bit block sizes. So key size does not make the algorithm.
In hindsight, the NSA is fully validated on DES.