Microsoft Announces 'Windows 10 China Government Edition', Lets Country Use Its Own Encryption (windows.com)
At an event in China on Tuesday, Microsoft announced yet another new version of Windows 10. Called Windows 10 China Government Edition, the new edition is meant to be used by the Chinese government and state-owned enterprises, ending a standoff over the operating system by meeting the government's requests for increased security and data control. In a blog post, Windows chief Terry Myerson writes: "The Windows 10 China Government Edition is based on Windows 10 Enterprise Edition, which already includes many of the security, identity, deployment, and manageability features governments and enterprises need. The China Government Edition will use these manageability features to remove features that are not needed by Chinese government employees like OneDrive, to manage all telemetry and updates, and to enable the government to use its own encryption algorithms within its computer systems."
But who is the totalitarian government? China or the United States?
Being that the world is recovering from a widespread ransomware attack caused by a long-time "unpatched flaw" used by the United States National Security Agency, it would make sense for a government such as China to try to protect its data with its own "security measures".
I am not being naive in not bringing up that China will probably have an encryption algorithm with a back door so the government can weed out subversives. However, chances are our countries, being the United States, United Kingdom, Canada, Germany, France... are not agencies of good and righteous, but have a complex set of national needs to protect order.
While I am sure profit was Microsoft's big factor, there is also a general global self-interest to make sure the world stays up to date in software. Being that Windows is so dominant worldwide, not caving in for this case would mean China would use outdated hacked versions of Windows, with their spying happening anyways. At least with Microsoft having some control, the fact that the Chinese Windows 10 has Government Encryption will let subversives know what not to use.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
"enable the government to use its own encryption algorithms"
This would either imply one of two things (or both):
1. The Chinese Government wants to install encryption backdoors in its own systems, to prevent employees from keeping secrets from it.
2. The Chinese Government is worried that the US government has installed encryption backdoors in the standard algorithms and wants to enable its employees to keep secrets from the US government.
Could be both.
Fear of US back doors, wants Chinese back doors.
I suspect, though, that it will end up being less secure either way. Less tested for attack, however they implement it.
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
> It's funny that people don't realize that
> MS holds the master encryption key,
> which they'll happily share with whoever pays the most ... or any court that orders them to.
That said, Microsoft has UNQUESTIONABLY taken steps to limit the scope of any one court's or government's ability to compromise that master key by using it to encrypt sub-keys used to encrypt sub-sub-keys used to encrypt the *actual* key they'd have to reveal.
Example: a new installation of Windows generates a 256-bit salt (probably derived from the license key or GUID) & stores it locally, then communicates it to Microsoft (who also discerns the country). Microsoft computes the sha256 hash of that salt plus their own sub-sub-key, then repeats it a million times with the output of the previous hash in place of their sub-sub-key. They then communicate the final hash back to the newly-installed Windows, which securely stores a copy & uses IT as its master key going forward. If a future court demands the key, MS obtains the salt from the computer in question, re-derives the key, and shares THAT with the court. Salt unobtainable? Mathematically-impossible to re-derive the key in any sane amount of time. Key revealed? The court can now decrypt THAT computer, but no other. If push came to shove, Microsoft shares the sub-sub-key(s) for that jurisdiction plus the algorithm, and tells them to have fun.
The important point: the master key ITSELF is stored in pieces distributed across multiple jurisdictions, INCLUDING Russia and China... the likelihood that they'd ever act in union is approximately zero. So the US might be able to compel Microsoft to disclose their "US" sub-key(s), and the pieces of the master key that US courts can order the disclosure of, but it would NEVER be able to obtain the complete global master key.
It sounds like in this case, Microsoft has basically generated a new master key for the China-Government edition, delegated responsibility for its safeguarding to China, and washed its hands. It has no implications for non-Chinese users, unless you're using a pirated Chinese-Government copy (which, in all likelihood, will have so much malware added by whoever made the pirated copy available, the theoretical ability of China's government to decrypt it would be the LEAST of your real-world problems).
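The derivation the comment above describes, written out as an added example; it is not part of the original post and not Microsoft's code, and the scheme itself is the commenter's hypothetical. The function names, the constructed sample keys, the reduced iteration count in the demo, and the use of an n-of-n XOR split to model "stored in pieces" are all assumptions.

```python
import hashlib
import secrets


def derive_machine_key(salt, jurisdiction_key, iterations=1_000_000):
    """Hash chain as described in the comment (hypothetical scheme):
    h = SHA-256(salt || jurisdiction_key), then h = SHA-256(salt || h),
    repeated `iterations` times. The result is the per-machine key."""
    h = hashlib.sha256(salt + jurisdiction_key).digest()
    for _ in range(iterations):
        h = hashlib.sha256(salt + h).digest()
    return h


def split_key(master, pieces):
    """Assumed n-of-n XOR split: every piece is required to rebuild the key,
    and any smaller set of pieces is indistinguishable from random bytes."""
    shares = [secrets.token_bytes(len(master)) for _ in range(pieces - 1)]
    last = master
    for share in shares:
        last = bytes(a ^ b for a, b in zip(last, share))
    return shares + [last]


def combine_pieces(shares):
    """XOR all pieces together; only the full set yields the original key."""
    out = bytes(len(shares[0]))
    for share in shares:
        out = bytes(a ^ b for a, b in zip(out, share))
    return out


if __name__ == "__main__":
    # Constructed sample values, not real keys.
    us_key = secrets.token_bytes(32)      # one jurisdiction's "sub-sub-key"
    salt_pc1 = secrets.token_bytes(32)    # 256-bit salt stored on machine 1
    salt_pc2 = secrets.token_bytes(32)    # 256-bit salt stored on machine 2

    key_pc1 = derive_machine_key(salt_pc1, us_key, iterations=10_000)
    key_pc2 = derive_machine_key(salt_pc2, us_key, iterations=10_000)

    # Same salt and jurisdiction key re-derive the same machine key.
    print("re-derivable:", key_pc1 == derive_machine_key(salt_pc1, us_key, 10_000))
    # Disclosing one machine's key says nothing about another machine's key.
    print("per-machine :", key_pc1 != key_pc2)

    pieces = split_key(us_key, 3)         # e.g. held in three jurisdictions
    print("all pieces  :", combine_pieces(pieces) == us_key)
    print("two of three:", combine_pieces(pieces[:2]) == us_key)
```

A hand-rolled hash chain like this is only for following the comment's reasoning; Python's standard library already provides `hashlib.pbkdf2_hmac` for iterated key derivation.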
Or we could just *snicker* pirate a Chinese version.
Oh the ironing!
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Interestingly, China used to be a totalitarian state but I think they've moved over into the authoritarian state category.