Microsoft is to implement a random number generator in Windows Vista Service Pack 1 which has a known weakness, described by security researchers as a potential 'back door'. At worst, the weakness could allow an unknown attacker to decrypt EFS-protected data and SSL sessions such as those used for internet banking and World of Warcraft.
It's not all doom and gloom, however: the flawed RNG will be bundled alongside a second, more reliable version, which will be selected by default. It does make you wonder why Microsoft have bothered implementing the flawed version, known as Dual_EC_DRBG, at all.
The algorithm, approved by the US National Institute of Standards and Technology (which, for you paranoiacs out there, works closely with the No Such Agency), is based on elliptic-curve mathematics and uses a fixed set of published constants, two points on the curve, to turn its internal state into output. Security researchers Dan Shumow and Niels Ferguson have shown that if those constants were chosen so that one is a secret multiple of the other, anyone who knows that secret number can recover the generator's internal state from a small amount of its output.
In theory, that person can then determine what 'random' number the algorithm will pop out at any given time. Nobody outside the body that chose the constants can say whether such a secret number exists, which has cryptologists such as Bruce Schneier suitably worried.
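To make the Shumow-Ferguson observation concrete, here is an added worked example (not code from the article, from Microsoft or from NIST) of a toy Dual_EC_DRBG on a small made-up curve. The curve parameters, the field prime, the seed, the 12-bit output width and the trapdoor value E_SECRET are all constructed for illustration; the real generator uses a 256-bit curve and drops the top 16 bits of each x-coordinate, but the structure is the same. The 'standard' constant P is deliberately generated as E_SECRET times Q, and recover_state shows how whoever holds E_SECRET turns three observed outputs into every future one.

```python
"""Toy Dual_EC_DRBG with a planted trapdoor (illustrative parameters, not the real ones)."""

P_MOD = 10007                     # constructed prime field; P_MOD % 4 == 3 makes square roots cheap
A, B = 2, 3                       # constructed curve y^2 = x^3 + A*x + B over GF(P_MOD)
X_BITS = P_MOD.bit_length()       # 14: width of an x-coordinate on this toy curve
OUT_BITS = 12                     # emit only the low 12 bits (real Dual_EC drops the top 16 of 256)
OUT_MASK = (1 << OUT_BITS) - 1
INF = None                        # point at infinity


def on_curve(pt):
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def ec_add(p1, p2):
    """Group law on the curve in affine coordinates."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                   # P + (-P), including 2P when y == 0
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc, addend = INF, pt
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc


def x_of(pt):
    if pt is INF:
        raise ValueError("state hit the point at infinity; toy-curve edge case, reseed")
    return pt[0]


def lift_x(x):
    """Return a curve point with this x-coordinate, or None if there is none."""
    c = (x ** 3 + A * x + B) % P_MOD
    y = pow(c, (P_MOD + 1) // 4, P_MOD)              # valid square root because P_MOD % 4 == 3
    return (x, y) if y * y % P_MOD == c else None


def find_base_point(start=2):
    x = start
    while True:
        pt = lift_x(x)
        if pt is not None and pt[1] != 0:            # skip order-2 points
            return pt
        x += 1


# The 'standard' constants. Both are public, but P was generated as E_SECRET*Q, so
# whoever did that holds the discrete log e with P = e*Q. That e is the back door.
Q_PUB = find_base_point()
E_SECRET = 4321                    # constructed trapdoor value, known only to the 'standardiser'
P_PUB = ec_mul(E_SECRET, Q_PUB)


class DualEC:
    """Generator core: s <- x(s*P); emit x(s*Q) with its top bits dropped."""

    def __init__(self, state):
        self.s = state % P_MOD

    def current_output(self):
        return x_of(ec_mul(self.s, Q_PUB)) & OUT_MASK

    def step(self):
        self.s = x_of(ec_mul(self.s, P_PUB))
        return self.current_output()


def recover_state(outputs, e):
    """From one truncated output and the trapdoor e: guess the dropped bits, rebuild
    R = s*Q, compute e*R = s*(e*Q) = s*P, whose x-coordinate is the NEXT state, and
    confirm against the remaining outputs. Returns a clone in step with the victim."""
    if len(outputs) < 2:
        raise ValueError("need at least two outputs: one to invert, one to confirm")
    first, rest = outputs[0], outputs[1:]
    for high in range(1 << (X_BITS - OUT_BITS)):
        x = (high << OUT_BITS) | first
        if x >= P_MOD:
            break
        R = lift_x(x)                     # sign of y is irrelevant: x(e*R) == x(e*(-R))
        if R is None:
            continue
        try:
            clone = DualEC(x_of(ec_mul(e, R)))
            predicted = [clone.current_output()] + [clone.step() for _ in rest[1:]]
        except ValueError:
            continue
        if predicted == rest:
            return clone
    return None


def demo(seed=1234, observed=3, predict=5):
    """Victim emits `observed` outputs; the holder of E_SECRET predicts the next `predict`."""
    victim = DualEC(seed)
    leaked = [victim.step() for _ in range(observed)]
    clone = recover_state(leaked, E_SECRET)
    if clone is None:
        return None
    future = [victim.step() for _ in range(predict)]
    return future, [clone.step() for _ in range(predict)]


if __name__ == "__main__":
    print(demo())
```

The point to take away is in recover_state: nothing about the curve arithmetic is weak, and without e the attacker faces a discrete-logarithm problem. With e, the truncated output is only a few guesses away from the full point s*Q, and multiplying that point by e hands over the next internal state, after which the clone and the victim never disagree again.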
By default Vista SP1 will use the CTR_DRBG algorithm (based on the Advanced Encryption Standard), which is thought to be more secure than the possibly-backdoored Dual_EC_DRBG. As a result, a developer would actually have to make a conscious effort to select the possibly-insecure algorithm and thus put the security of encrypted data at risk. In the Windows CNG API the Dual_EC generator is a separately named provider (BCRYPT_RNG_DUAL_EC_ALGORITHM, the string "DUALECRNG"), so a search of your own code for that identifier is the quick check that nothing has opted in to it.
Still, it's a disquieting thought that the heart of any system designed to offer users privacy could have such a major flaw and still get shipped to end-users.
Thinking about keeping your encrypted data off-net in a locked vault, or is this a load of paranoiacs flapping over nothing? Let us know via the forums.