Computing in the real world
SEARCH FOR: IN:
      
Welcome Guest  Register Log in

News 

[PSUs]
Tuesday 18th December 2007
Vista SP1 bringing back door exploit? 4:08PM, Tuesday 18th December 2007
A US cryptographer is warning that the random number generator Microsoft is bundling with SP1 includes a backdoor exploitable by the National Security Agency.

Random number generators are important because they provide the bedrock for SSL keys, which ensure secure internet communications for web browsing, email and instant messaging. Breaking the random number generator could leave user communications open to interception.

Security blogger Bruce Schneier believes this is precisely what will happen to the
"Dual_EC-DRBG"
 
 
ADVERTISEMENT
random number generator employed by Vista.

"There are a bunch of constants - fixed numbers - in the standard used to define the algorithm's elliptic curve," he says on his blog.

"These numbers have a relationship with a second, secret set of numbers that can act as a kind of skeleton key."

"To put that in real terms, you only need to monitor one TLS internet encryption connection in order to crack the security of that protocol. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG."

Schneier believes that this "secret" second set of numbers are held by the US's National Security Agency, one of the agencies which he claims championed Dual EC-DRBG as a cryptographic standard.

Microsoft hadn't replied to request for comment at the time of publication.

Submit to: Digg  |  Slashdot  |  Del.icio.us  |  Technorati

Related News



Top 10 Broadband

150+ broadband packages

Compare 30+ mobile broadband deals

Powered by Top 10 Broadband


Columns

Prolog:

After eight years in a caring relationship, Tim Danton is falling for a desktop once again. › See full Opinion