Vista SP1 Has NSA Backdoor?

By toadeater
in Back Page News

 Share

Recommended Posts

Veteran

toadeater

Posted
Posted

Any thoughts about this?

A US cryptographer is warning that the random number generator Microsoft is bundling with SP1 includes a backdoor exploitable by the National Security Agency.

Random number generators are important because they provide the bedrock for SSL keys, which ensure secure internet communications for web browsing, email and instant messaging. Breaking the random number generator could leave user communications open to interception.

Security blogger Bruce Schneier believes this is precisely what will happen to the

"Dual_EC-DRBG" random number generator employed by Vista.

"There are a bunch of constants - fixed numbers - in the standard used to define the algorithm's elliptic curve," he says on his blog.

"These numbers have a relationship with a second, secret set of numbers that can act as a kind of skeleton key."

"To put that in real terms, you only need to monitor one TLS internet encryption connection in order to crack the security of that protocol. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG."

Schneier believes that this "secret" second set of numbers are held by the US's National Security Agency, one of the agencies which he claims championed Dual EC-DRBG as a cryptographic standard.

Microsoft hadn't replied to request for comment at the time of publication.

http://www.pcpro.co.uk/news/149133/vista-s...or-exploit.html

Link to comment
https://www.neowin.net/forum/topic/607936-vista-sp1-has-nsa-backdoor/
Share on other sites
Grand Master

SirEvan

Posted
Posted

I dont know much about cryptography or such, but...couldn't you null-and-void this problem by running a program on your system like peer guardian or something to block any connections to your machine from known ips such as the NSA?

Grand Master

Argi

Posted
Posted
I dont know much about cryptography or such, but...couldn't you null-and-void this problem by running a program on your system like peer guardian or something to block any connections to your machine from known ips such as the NSA?

That's not really the point. ?Apart from the fact that if the NSA wants in your computer PeerGuardian wont save you, if a backdoor exists it's only a matter of time before someone with malicious intent cracks it.

Grand Master

Miuku.

Posted
Posted
Plus, it's the NSA... I'm pretty sure they could find a way around our security

Unlikely - they wouldn't be trying to go all out on cracking down on businesses developing high end security products (such as extremely high end encryption) and threatening them to sneak in backdoors if they could just "crack it all".

It's also not that easy to operate in foreign countries, no matter what movies tell you.

Grand Master

zhangm Supervisor

Posted
  • Supervisor
Posted

Here's the original source. The followup articles are more speculative. BTW, its not that Microsoft is specifically complying or collaborating with the NSA. Its more that the US government is releasing this as one of four encryption standards...

http://www.wired.com/print/politics/securi...itymatters_1115

Veteran

Farchord

Posted
Posted

You can tighten a lock all you want, it will never make it 100% secure.

It's a bit like mathematics. You can divide '1' by '2' as much as you want, you will never reach '0', you will always end up with more and more decimals.

Grand Master

ichi

Posted
Posted
While I can't dismiss this as FUD, I can say it doesn't matter. If the NSA really wants to know what's on your computer, they'll either come in your house and look when you're not there or they'll seize it directly and examine it.

The NSA is an USA agency (or whatever) while Windows is distributed worldwide. Does it really still not matter?

Collaborator

Pippin666

Posted
Posted
That's not really the point. ?Apart from the fact that if the NSA wants in your computer PeerGuardian wont save you, if a backdoor existsit's only a matter of time before someone with malicious intent cracks it.>
That's why backdoor are bullcrap stories.

Pip'

Grand Master

theyarecomingforyou

Posted
Posted
Also, why is this news? Its been like this for every major Windows release.

Because the NSA should have no special ability to get into systems, especially for non-US citizens. If this is true then it's yet another case of the US thinking it is superior to the rest of the world. I have more faith in China having access to my personal information than I do the US, which only goes to show how poorly I rate the US government / government agencies.

Grand Master

neufuse Veteran

Posted
  • Veteran
Posted
Because the NSA should have no special ability to get into systems, especially for non-US citizens. If this is true then it's yet another case of the US thinking it is superior to the rest of the world. I have more faith in China having access to my personal information than I do the US, which only goes to show how poorly I rate the US government / government agencies.

What do you mean for especially not for non-us citizens... thats the whole point of the NSA :whistle:

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.