Tuesday, 18 December 2007

possibly backdoored random-number-generator added with Vista-SP1

As reported by Bruce Schneier (a very well known cryptanalyst), Microsoft has added the Dual Elliptic Curve pseudorandom number generator (Dual_EC_DRBG) to Windows Vista with Service Pack 1.

This particular PRNG is suspected of having a backdoor built into it.

The Overview of Windows Vista Service Pack 1 states: "The Dual Elliptical Curve (Dual EC) PRNG from SP 800-90 is also available for customers who prefer to use it."

From "Did NSA Put a Secret Backdoor in New Encryption Standard?" by Bruce Schneier, Wired News, November 15, 2007:

In an informal presentation at the CRYPTO 2007 conference in August, Dan Shumow and Niels Ferguson showed that the algorithm contains a weakness that can only be described as a backdoor.

This is how it works: There are a bunch of constants -- fixed numbers -- in the standard used to define the algorithm's elliptic curve. These constants are listed in Appendix A of the NIST publication, but nowhere is it explained where they came from.

What Shumow and Ferguson showed is that these numbers have a relationship with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can predict the output of the random-number generator after collecting just 32 bytes of its output. To put that in real terms, you only need to monitor one TLS internet encryption connection in order to crack the security of that protocol. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG.

The researchers don't know what the secret numbers are. But because of the way the algorithm works, the person who produced the constants might know; he had the mathematical opportunity to produce the constants and the secret numbers in tandem.
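The relationship Schneier describes can be seen on a toy curve. The following is an added example for this post, not code from Schneier, Shumow/Ferguson, NIST or Microsoft: the field prime, curve, base point Q and the secret scalar D are all constructed here, not the SP 800-90 constants, and truncation of the output is left out for brevity (the real generator drops the top 16 bits of each x-coordinate, which a state-recovery attempt has to guess). Whoever chose P = D·Q and kept D can turn one output into the next internal state; whoever only sees P and Q cannot tell whether such a D exists.

```python
# Toy re-creation of the Dual_EC_DRBG structure and of the Shumow/Ferguson
# observation, on a small curve with constants constructed for this example.
# NOT the NIST curve or constants; the real secret number, if any, is unknown.
P_MOD = 2**61 - 1            # field prime, p = 3 mod 4 so a square root is one pow()
A = 5                        # curve y^2 = x^3 + A*x + B; B is chosen so Q lies on it
QX, QY = 123456789, 987654321   # constructed base point Q (not a NIST value)
B = (QY * QY - QX**3 - A * QX) % P_MOD
Q = (QX, QY)

def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + A x + B mod P_MOD; None = infinity."""
    if p1 is None: return p2
    if p2 is None: return p1
    x1, y1 = p1; x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                                   # P + (-P) = infinity
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, P_MOD - 2, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, P_MOD - 2, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD

def ec_mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt = ec_add(pt, pt); k >>= 1
    return acc

# The "skeleton key": P is derived from Q with a secret scalar D.  Anyone who
# knows D can walk from an output point back to the generator's next state.
D = 0x1F2E3D4C5B6A7988          # constructed secret; nobody knows the NIST value
P = ec_mul(D, Q)

def dual_ec_outputs(seed, n):
    """Dual EC DRBG core (no truncation): s <- x(s*P), output r = x(s*Q)."""
    outs, s = [], seed
    for _ in range(n):
        s = ec_mul(s, P)[0]
        outs.append(ec_mul(s, Q)[0])
    return outs

def predict_next(r, d=D):
    """From one output r and the secret d, recover the next state and output."""
    y = pow((r**3 + A * r + B) % P_MOD, (P_MOD + 1) // 4, P_MOD)   # lift r to a point
    s_next = ec_mul(d, (r, y))[0]     # d*(s*Q) = s*(d*Q) = s*P, whose x is the next state
    return ec_mul(s_next, Q)[0]
```

Either sign of y lifts to a point whose multiples share the same x-coordinate, so the observer needs nothing but r and D; with the wrong D the prediction fails.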


2 comments:

Anonymous said...

Please correct typo in title: his name's Schneier!

"As reported by Bruce Schneider (A very well known cryptoanalyst)"

Anonymous said...

Thanks. It's corrected.
A common misspelling of his name.