1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Crypto 'backdoor' in Vista SP1

Discussion in 'Article Discussion' started by CardJoe, 19 Dec 2007.

  1. CardJoe

    CardJoe Freelance Journalist

    Joined:
    3 Apr 2007
    Posts:
    11,343
    Likes Received:
    292
  2. Cupboard

    Cupboard I'm not a modder.

    Joined:
    30 Jan 2007
    Posts:
    2,148
    Likes Received:
    30
    Even including it is a bad idea - someone will use it, either accidentally or being secure only for the pretence of being innocent while some data is nicked. It is a broken feature, with no legit use that I can see, that just serves to increase the bloat.

    Silly MS... oh well.

    Do we know why they didn't just forget about it and quietly remove it?
     
  3. Starfighter

    Starfighter New Member

    Joined:
    4 Apr 2004
    Posts:
    154
    Likes Received:
    0
    So, in order to organise an attack on a computer, a malicious user would have to somehow alter the code of an application, so that it used this flawed PRNG?

    This is hardly an issue, as if a malicious user is changing program code, surely he could just make it use his MAGIC_PRNG, which always returns ... 2?

    But that would hardly generate a front page story eh?
     
  4. sendrome

    sendrome the whole #!/bin/sh

    Joined:
    19 Dec 2007
    Posts:
    3
    Likes Received:
    0
    I don't think this makes Vista less secure.

    OK sure the Dual_EC_DRNG has a potential back door, but no one knows for sure who has this second set of secret numbers. We do know that no one has published this "Skeleton Key" yet and there is a chance no one ever will. Also, because it is off by default, average users most likely won't ever enable this setting on purpose or by accident.

    But yes, it does make one wonder why MS wouldn't just exclude this flawed encryption.... Conspiracy?
     
  5. DeXtmL

    DeXtmL New Member

    Joined:
    7 Sep 2007
    Posts:
    50
    Likes Received:
    0
    Indeed, why keep this flawed version of random generator in the not-yet published sp1? What difficulty makes microsoft think it's necessary to ship the potential backdoor to us endusers?
     
  6. completemadness

    completemadness New Member

    Joined:
    11 May 2007
    Posts:
    887
    Likes Received:
    0
    Its already in Vista (and all other NT based OS's)

    I'm guessing its not because they've put it in, but because they haven't taken it out
    It might actually be difficult to remove it in a Service pack
     
Tags: Add Tags

Share This Page