| Page 1 of 1 |
LeoNatan
☢ NFOHump Despot ☢
Posts: 73196
Location: Ramat Gan, Israel 🇮🇱
|
 Posted: Wed, 19th Dec 2007 12:15 Post subject: Vista SP1 Has NSA Backdoor? |
|
 |
| Quote: | A US cryptographer is warning that the random number generator Microsoft is bundling with SP1 includes a backdoor exploitable by the National Security Agency.
Random number generators are important because they provide the bedrock for SSL keys, which ensure secure internet communications for web browsing, email and instant messaging. Breaking the random number generator could leave user communications open to interception.
Security blogger Bruce Schneier believes this is precisely what will happen to the
"Dual_EC-DRBG"
random number generator employed by Vista.
"There are a bunch of constants - fixed numbers - in the standard used to define the algorithm's elliptic curve," he says on his blog.
"These numbers have a relationship with a second, secret set of numbers that can act as a kind of skeleton key."
"To put that in real terms, you only need to monitor one TLS internet encryption connection in order to crack the security of that protocol. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG."
Schneier believes that this "secret" second set of numbers are held by the US's National Security Agency, one of the agencies which he claims championed Dual EC-DRBG as a cryptographic standard.
Microsoft hadn't replied to request for comment at the time of publication. |
Source |
|
| Back to top |
|
|
pancake
Posts: 1091
Location: England
|
| Posted: Wed, 19th Dec 2007 17:54 Post subject: |
|
|
tinfoil hats at the ready!
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
|
|
| Posted: Thu, 27th Dec 2007 18:22 Post subject: |
|
|
good, I'm glad they do. I have nothing to hide and there are plenty that have. This is a life saver, bollocks to civil rights i say if it's for the greater good
No advertising.
|
|
| Back to top |
|
|
CaptainCox
VIP Member
Posts: 6823
Location: A Swede in Germany (FaM)
|
| Posted: Thu, 27th Dec 2007 20:23 Post subject: |
|
|
I guess the will fix it in time for the release...NOT! 
|
|
| Back to top |
|
|
|
|
| Posted: Thu, 27th Dec 2007 22:29 Post subject: |
|
|
sort of the same goes for several american firewalls
|
|
| Back to top |
|
|
Phluxed
VIP Member
Posts: 4911
Location: Oakville, Ontario, Canada
|
| Posted: Fri, 28th Dec 2007 03:59 Post subject: |
|
|
Also - its got reduced performance from release in network xfer and hdd reading... sigh.
|
|
| Back to top |
|
|
LeoNatan
☢ NFOHump Despot ☢
Posts: 73196
Location: Ramat Gan, Israel 🇮🇱
|
| Posted: Fri, 28th Dec 2007 09:37 Post subject: |
|
|
WTF!? Weren't they supposed to INCREASE the HDD read/write speeds? 
Right now, Server 2008 RC1 runs so much faster than Vista, it's not even funny. I just hope it will get cracked as well, just like Vista did, so I could use it as my main OS.
|
|
| Back to top |
|
|
|
|
| Posted: Fri, 28th Dec 2007 15:52 Post subject: |
|
|
This is all too funny for so many reasons...
I also think fisk should be unbanned.
|
|
| Back to top |
|
|
| Page 1 of 1 |
All times are GMT + 1 Hour |
