MS to bundle 'broken' random number tool in Vista SP1

Microsoft plans to bundle a cryptographically flawed pseudo random number generator in its upcoming service pack for Windows Vista. Cryptographers have expressed concern about a possible backdoor in a standard for random number generators approved by the National Institute of Standards and Technology (NIST) this year. The …

COMMENTS

This topic is closed for new posts.
  1. Cameron Colley
    Black Helicopters

    Think of the terrorists!!!!!

    Surely it is necessary to make encryption weak, or give it back doors, so the RAVING JIHADISTS can't communicate in secret and kill us all? If you're innocent you have nothing to hide!!!!!!!!!!

  2. James Hunter
    Joke

    a better system already exists...

    http://xkcd.com/221/

  3. Christos Georgiou
    Alert

    re: Think of the terrorists!!!!!

    I am almost sure that Cameron was being sarcastic. I just wanted to add my €0.02 by saying that whenever someone next to me says with a straight face "If you're innocent you've got nothing to hide!", I usually reply, "yes, but when I send emails to friends with my opinion about you, you wouldn't want the rest of the world to know what a complete arsehole you are, would you?"

  4. Mike Street

    "If you're innocent you got nothing to hide!"

    "So, you don't have curtains then?" is my usual reply to that particular piece of nonsense.

  5. Anonymous Coward
    Go

    Anyone serious about cryptography

    Uses a random number generator based on physics, not on software. Things like thermal-noise random number generator ICs, for example the True Random Number Generator (TRNG) RPG100 / RPG100B ICs.

    http://www.fdk.co.jp/cyber-e/pi_ic_rpg100.htm

  6. Anonymous Coward
    Alert

    Is it any wonder..

    When MS don't use standards such as ODF it's all their fault and everyone is up in arms at them.

    And when they do follow an approved standard, as they are now, it's still all their fault and no one's any happier with them. Is it any wonder they continue to push their own formats/protocols?

  7. amanfromMars Silver badge

    The Secrecy Flaw....... or is it a glass ceiling?

    Secrecy invariably is used because harm can ensue from what is being developed and then concealed. It is always never good for who would ever want to conceal something good. Ergo is secrecy bad?

    And yes I know that there are "good" secrets too which are secrets just to make money but they are hardly good either given that they are hidden just for that exclusive sake.

    If everyone knew everything the world would be a better place for then there would be so much more to do than harm although whether man is smart enough for such simplicity/complexity is debatable. Some can't even spell their name or add simple figures which limits them to ........ well, it limits them in the wider world, which is sad and a failing in Societies that would think to call themselves educated/civilised/modern/21st century. ...... although are we not all of the same age or are some societies in a completely different Age/Time Zone/GeoSpatial Anomaly?

  8. Anonymous Coward
    Anonymous Coward

    Suspected RNG doesn't have to be used

    The referenced RNG is required to be available/installed on any OS or software expecting to get used by US government computers or subcontractors. For that reason alone, you can expect it to be available in many popular OSs and software products. However, its use isn't required.

    Microsoft decided to make its use optional. It isn't the default. That fact, coupled with widespread news of its inherent weaknesses, means it's highly doubtful anyone will use it.

    So, it's an issue that it is required to be installed at all, but who would require its use? Not Microsoft. A Microsoft employee, Niels Ferguson, is one of the co-authors of the original paper discussing the weaknesses. I don't see anyone using it when there are other more reliable and trusted RNGs. Hopefully it will die a natural death.

  9. Martin Owens

    Is it any wonder?

    >> Is it any wonder they continue to push their own formats/protocols

    Stop thinking Microsoft is some bloke down the pub, I'm sick of the sympathy when their rap sheet reads worse than a brutal industry rampage murdering spree.

  10. Michael H.F. Wilkinson Silver badge
    Black Helicopters

    Physics based RNG and terrorists

    There is a problem with using true random numbers in encryption: you can only use them as a one-time pad, i.e. as a key as large as the cyphertext, precisely because the receiver cannot predict the next random number in the sequence. Being able to do such a prediction based on a relatively small key (or public/private key pair, see RSA) is essential for decoding. When a true random number generator is used, the key (i.e. the true random sequence) must then be sent through a secure channel, which, if available, could have been used to send the message in the first place. Alternatively, you need to send a DVD full of true random bits to your associates, and progressively use that sequence. This is very secure (provably uncrackable) but a bit over the top. A better way still is using quantum cryptography.

    Regarding terrorists: I have this image that they are simply disguising their messages as spam, and sending it to EVERYONE, including the NSA and the like. In the midst of all their mortgage proposals and the like, there are coded messages that those in the know can decode.

    AARGH, we are all DOOMED!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
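An added example (mine, not part of the thread) of the point made in comment 10 about true random bits only being usable as a one-time pad: the XOR pad is unbreakable while every pad byte is used exactly once, but the moment a pad is reused the two ciphertexts XOR to the XOR of the two plaintexts, and a guessed fragment of one message ("crib dragging") reveals the other. The two messages are constructed for the demo; the pad comes from os.urandom.

```python
import os

def otp_xor(key, data):
    """One-time pad: XOR with a key at least as long as the data.
    Secure only if every key byte is used once and then discarded."""
    if len(key) < len(data):
        raise ValueError("pad shorter than message")
    return bytes(k ^ b for k, b in zip(key, data))

def two_time_pad_leak(c1, c2):
    """If the same pad encrypted both messages, c1 XOR c2 == m1 XOR m2: the pad cancels."""
    return bytes(a ^ b for a, b in zip(c1, c2))

def crib_drag(m1_xor_m2, crib):
    """Slide a guessed fragment of one message along m1^m2; every position where the
    result is printable text is a candidate fragment of the other message."""
    hits = []
    for i in range(len(m1_xor_m2) - len(crib) + 1):
        frag = bytes(x ^ c for x, c in zip(m1_xor_m2[i:i + len(crib)], crib))
        if all(32 <= b < 127 for b in frag):
            hits.append((i, frag))
    return hits

# Constructed sample: two messages of equal length and one pad of true-random bytes,
# wrongly used for both.
MSG1 = b"meet me at the old mill at dawn"
MSG2 = b"the package is in locker twelve"
PAD = os.urandom(max(len(MSG1), len(MSG2)))

def demo():
    c1, c2 = otp_xor(PAD, MSG1), otp_xor(PAD, MSG2)
    assert otp_xor(PAD, c1) == MSG1          # decryption is the same XOR
    leak = two_time_pad_leak(c1, c2)         # pad gone, only m1 XOR m2 remains
    # The attacker guesses that one message starts with "the package" and reads the other.
    return leak, crib_drag(leak, b"the package")

if __name__ == "__main__":
    leak, hits = demo()
    for offset, frag in hits:
        print(offset, frag)
```

With the guessed fragment at offset 0 the attacker reads the first eleven bytes of the other message in clear; the remaining hits are false positives that a longer crib would eliminate. This is why a hardware RNG is used to seed a deterministic generator or to produce keys, not as a pad streamed straight into the ciphertext.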

  11. Dan

    @James Hunter

    Use demographics instead!

    http://xkcd.com/190/

  12. Andrew

    Re: Is it any wonder?

    "Stop thinking Microsoft is some bloke down the pub, I'm sick of the sympathy when their rap sheet reads worse than a brutal industry rampage murdering spree."

    Do you truly think Microsoft are worse than companies that commit corporate manslaughter? They're worse than companies hard at work deforesting the globe? Surely you jest? I can't think of the last time Microsoft Office killed anyone; I mean, at least World of Warcraft has some recorded deaths.

    All these people who call Microsoft evil seem to have a really skewed idea of what is evil. I mean, I'm sure there's plenty of people considering suicide because Microsoft don't conform to some open standards, but I think the world is probably better off without them. Then everyone who is left will perhaps gain some perspective about what is important in the world.

    Andrew

  13. Anonymous Coward
    Anonymous Coward

    do the other 3 algos also have back doors?

    Lack of proof of back door is not proof of lack of backdoor.

    The researchers figured out that one of the 4 random number generators had a back door in it. They did not figure out YET any backdoor in the other 3, and have not proved there is no backdoor in the other 3.

    This algo is not needed in the OS at all, the claim it is needed for government work is bogus. The claim it is optional is unproven.

    The best thing to do is to generate a one time pad by digitizing white noise into a file so you have a large enough file to only use the numbers once. (or the hardware solutions to this are also good if from a trusted supplier).
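An added example (mine, not from the article or the thread) of what "one of the four generators had a back door" means for Dual_EC_DRBG, the generator the article and comment 13 are about. The generator steps its state with one fixed curve point P and produces output from a second fixed point Q. Whoever chose the constants could have picked them so that P = d*Q for a d only they know; Shumow and Ferguson showed that such a d turns one or two outputs into the internal state, after which every future output is predictable. Everything here is a toy: a 14-bit curve y^2 = x^3 + 7, a base point found by search, a made-up d, and a 2-bit truncation standing in for the 16 bits the real generator drops. None of these are the NIST constants.

```python
# Toy Dual_EC_DRBG and the "known d" state recovery. Toy parameters throughout.
P_MOD = 10007          # prime, and 3 mod 4, so a square root is one modular exponentiation
A, B = 0, 7            # curve y^2 = x^3 + 7 over GF(P_MOD)
MASK = (1 << 12) - 1   # keep the low 12 bits of x; the real DRBG drops 16 of 256 bits

def inv(v):
    return pow(v, P_MOD - 2, P_MOD)

def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P_MOD
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def xcoord(pt):
    return 0 if pt is None else pt[0]

def lift_x(x):
    """A point with x-coordinate x, or None if x^3 + 7 is a non-residue."""
    rhs = (x * x * x + A * x + B) % P_MOD
    y = pow(rhs, (P_MOD + 1) // 4, P_MOD)
    return (x, y) if y * y % P_MOD == rhs else None

def point_order(pt, limit=20000):
    t, n = pt, 1
    while t is not None and n <= limit:
        t, n = ec_add(t, pt), n + 1
    return n if t is None else None

def pick_base_point(min_order=2000):
    """Smallest x giving a point of reasonably large order (toy stand-in for the standard's Q)."""
    for x in range(1, P_MOD):
        q = lift_x(x)
        if q is not None and (point_order(q) or 0) > min_order:
            return q
    raise RuntimeError("no suitable point")

Q_POINT = pick_base_point()
D_SECRET = 1337                         # the trapdoor: known only to whoever chose the constants
P_POINT = ec_mul(D_SECRET, Q_POINT)     # the published P satisfies P = d*Q

def dual_ec_outputs(seed, n_out, P=P_POINT, Q=Q_POINT):
    """Dual_EC step: s <- x(s*P); r <- x(s*Q); emit r with its top bits dropped."""
    s, out = seed, []
    for _ in range(n_out):
        s = xcoord(ec_mul(s, P))
        out.append(xcoord(ec_mul(s, Q)) & MASK)
    return out

def recover_and_predict(r1, r2, d, n_more, P=P_POINT, Q=Q_POINT):
    """Attacker holding d: from two consecutive outputs, recover the state and predict n_more more."""
    for hi in range(0, P_MOD, MASK + 1):      # undo the truncation: a few candidates for the full x
        x1 = hi + r1
        if x1 >= P_MOD:
            break
        R = lift_x(x1)                         # R = +/- s1*Q; both signs give the same x(d*R)
        if R is None:
            continue
        s = xcoord(ec_mul(d, R))               # d*R = s1*(d*Q) = s1*P, whose x is the next state
        if xcoord(ec_mul(s, Q)) & MASK != r2:  # wrong candidate: it does not reproduce r2
            continue
        preds = []
        for _ in range(n_more):
            s = xcoord(ec_mul(s, P))
            preds.append(xcoord(ec_mul(s, Q)) & MASK)
        return preds
    return None

def demo(seed=4242):
    outs = dual_ec_outputs(seed, 6)
    return outs, recover_and_predict(outs[0], outs[1], D_SECRET, 4)

if __name__ == "__main__":
    outs, preds = demo()
    print("generator output  :", outs)
    print("attacker predicts :", preds, "ok" if preds == outs[2:] else "mismatch")
```

The attacker never learns the seed; it only needs d and the outputs, which is exactly why the question "who chose P and Q, and how?" matters more than the proof of security that assumes they were chosen at random. Without d, recovering the state is the elliptic-curve discrete log problem, which is what the standard's security argument rests on.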

  14. Anonymous Coward
    Go

    Re: Physics based RNG and terrorists

    The reason you rarely see TRNG used is not due to the reasons you stated. The reason, aside from the specialized hardware requirements not present in standard PC platforms, is that you need to also provide a pseudorandom number generator to be used during the debugging process where you need to be able to reproduce the random number sequence.

  15. Guy
    Gates Horns

    Re:Re:Is it any wonder

    How many suicide notes have been prepared in Word? Come to that, how many threatening letters? MS is responsible for at least 50% of the bad news that drops through your letterbox every morning and you say Word has never hurt anyone????

  16. Nathanael Bastone

    I still don't see...

    why atmospheric noise could not be used. Surely building a microphone onto a motherboard is not hard?

  17. Alan Potter
    Happy

    Coolest random number generator ever

    http://www.lavarnd.org/

    I mean, like, this is like woah, man. I mean like it's just awesum and cool and wow...

    Anybody got any Mars bars? I'm starting to get the munchies...

  18. Fraggle
    Alert

    Nothing to hide

    ""So, you don't have curtains then?" is my usual reply to that particular piece of nonsense."

    The alternative, if you're in their house or otherwise have immediate access to their possessions, is to just start rifling through them on the spot, then when challenged, simply state that they have nothing to hide. It's even better if you can find something intensely personal like a journal/bank statement/love letter/copy of Britney Spears' latest album to hand.

    Okay, I admit it, I haven't actually done this yet. Still waiting for someone to say it to me since I thought of it.

  19. Ed

    Re:Re:Is it any wonder

    Microsoft does not directly kill people.

    However, they have managed to foist their software into places which are incompatible with their warranty - you know, the one that says it should never be entrusted with people's lives? Yet Microsoft's sold many site licenses to both hospitals and manufacturers of medical equipment, and Windows CE is the embedded OS for numerous medical devices. Microsoft *knew* what those companies did before they signed those deals. Personally, I feel the other party in each of those deals was more responsible, because they should have known Microsoft's record, and were frequently (if not always) required to certify compliance periodically with regulations which read to me as 'Do not use Microsoft-grade software'.

    For what it's worth, I do not know that anyone I know has died because of a medical device running Windows CE having an OS problem. The one case where I have a suspicion, it was really just a matter of time anyway. But I have talked with geeks in the medical industry who have had access to said devices (some of them even made said devices) who were able to attest that the version of Windows CE on them was no different than the version that they had on some other consumer device.

    However, I've also seen a situation where hospital staff were presented additional difficulty in responding to emergency situations, because their computers had locked up. Nobody died in the situation I witnessed - but only because some incredibly good, incredibly skilled people violated the procedures they were supposed to follow to address the situation. (Note: one of them was one of the people who set up those procedures; the others did not violate them until he indicated that they needed to and it was appropriate in this case.) Actually, possibly the biggest issue I have with Microsoft in this case: they'd worked a deal with the hospital to get their software at a significant discount - but only if it was used for all of the systems. IMHO, a hospital should not be using the same software on its primary and backup systems; instead, they should be provided by competing organizations which follow the same standards, and certify their products to work with each other. (For those who may lack reading comprehension, just having an industry which has two such companies is not viable - if every hospital was a customer of both of those companies, the companies aren't really competing, are they?)

    Oh, and finally, have you checked out Microsoft's investment portfolio? I've heard it's a killer... For that matter, so was the Bill and Melinda Gates Foundation, last time I checked.

  20. Anonymous Coward
    Boffin

    Michael H.F. Wilkinson

    "When a true random number generator is used, the key (i.e. the true random sequence) must then be sent through a secure channel, which, if available could have been used to send the message in the first place"

    Not quite true. The existing secure channel is (normally) public/private key encryption (or asymmetric encryption) such as RSA. The problem with this is that it's very computationally expensive to have a channel remain on this. The asymmetrically encrypted channel is used to exchange the agreed random key, which is then used to create a private key encryption (symmetric encryption) which needs much less processing overhead.

    Granted, this relies on the public key already being known without interference. However it's relatively quick and easy to do, such as sending the public key and then using another method (phone, text) to send the hash for the public key. This provides a secure channel without the overhead of asymmetric encryption calculations or the overhead of sending a large key by other means (disk via the post, reading out an extraordinarily long number on the phone, sending multiple texts). From memory, this is the loose definition of how SSH works.

    Phew! Knew that course at uni would come in handy some day! Invitations to pick holes in the above by request only... :-)
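An added example (mine, not the commenter's) of the flow described in comment 20: the host's public value is trusted only after its hash is compared with a fingerprint obtained out of band (the "read it out over the phone" step), and the public-key exchange is used once to agree a symmetric key rather than to carry traffic. The group here is a toy so the exchange runs on plain integers: 2**127 - 1 is prime, but p - 1 is smooth and the group is breakable, so it must not be reused for anything real; a deployment uses a standard group or an elliptic curve. The host contributes a long-term Diffie-Hellman value directly, which is simpler than SSH's signed ephemeral exchange and lacks forward secrecy; the fingerprint check is the part the comment is about.

```python
import hashlib
import hmac
import secrets

# Toy group, for a runnable demonstration only (see the note above). Not secure.
P = 2**127 - 1
G = 3

def fingerprint(pub):
    """Short hash of a public value: the string the two parties compare by phone or text."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def derive_key(shared, client_pub, host_pub):
    """Symmetric key bound to the shared secret and to both public values, so a
    substituted public value yields a different key rather than a silently shared one."""
    transcript = client_pub.to_bytes(16, "big") + host_pub.to_bytes(16, "big")
    return hmac.new(shared.to_bytes(16, "big"), transcript, hashlib.sha256).digest()

def client_side(host_pub, phoned_fingerprint):
    """Refuse to proceed unless the host key matches the out-of-band fingerprint,
    then run an ephemeral exchange against it."""
    if not hmac.compare_digest(fingerprint(host_pub), phoned_fingerprint):
        raise ValueError("host key fingerprint mismatch: refuse to connect")
    a, client_pub = keypair()
    return client_pub, derive_key(pow(host_pub, a, P), client_pub, host_pub)

def host_side(host_priv, host_pub, client_pub):
    return derive_key(pow(client_pub, host_priv, P), client_pub, host_pub)

def demo():
    host_priv, host_pub = keypair()          # the host's long-term key
    phoned = fingerprint(host_pub)           # obtained legitimately, out of band
    client_pub, k_client = client_side(host_pub, phoned)
    k_host = host_side(host_priv, host_pub, client_pub)
    _, mitm_pub = keypair()                  # an interceptor offers its own key instead
    try:
        client_side(mitm_pub, phoned)
        mitm_detected = False
    except ValueError:
        mitm_detected = True
    return k_client == k_host, mitm_detected

if __name__ == "__main__":
    print("keys agree, interception detected:", demo())
```

The 16 hex characters read out over the phone are enough because the attacker has to produce a public value whose hash collides with them in the time the call lasts; the long key itself never has to travel by any channel other than the network.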

  21. Anonymous Coward
    Anonymous Coward

    Selling string vests to the Eskimos

    Given that technically there is no such thing as a random number, then why is everybody crying about what they don't fully understand and blindly accepting what somebody else has said?

    If people are that worried then make a nice USB2 or PCI(e) hardware card that generates random numbers and sell that, making a lot of profit. That said, in reality a lot of people cry foul but rarely do they do more than that.

    So on that note I declare Microsoft the official ice-cube and thermal string vest seller to all polar regions.

    PS if you're really, really worried about this: start a petition to the prime minister of the UK; 1,000 votes gets you a good answer, collect over 50,000 votes and you get an even better answer, collect a full 1,000,000 votes and you will get the true answer and possibly a patch for the UK. It's all about perception; make your perception known if you're worried about it and have a legit reason. Me, I'll note it and carry on using my OpenBSD box for issues of the heart.

  22. Anonymous Coward
    Thumb Up

    @AMFM

    You had me convinced you were your creator typing until the "Age/Time Zone/GeoSpatial Anomaly" bit. Otherwise, grats on the new algo.

  23. Anonymous Coward
    Anonymous Coward

    Hardware PRNG

    I thought hardware-based PRNGs were already floating around on some platforms: in those TPM chips Vista Ultimate insists on for BitLocker drive encryption, and in VIA's PadLock on-CPU security platform. The latter at least samples on-chip electrical noise, so unless the NSA have a back door to the basic laws of physics too...

  24. BitTwister

    @Andrew

    > gain some perspective about what is important in the world.

    Well, here's some perspective for you about what's important in *this* world, the IT-related world:

    S T A N D A R D S

    You know - those boring & openly shared, discussed and approved details which ensure 'thing A' can work fully with 'thing B' irrespective of its source, and precisely the sort of thing Microsoft works hard to avoid so only *their* proprietary "standard" exists - and the rest of the world can either conform or go hang.

    [Excised by Reg moderator.]

  25. Geoff Mackenzie

    Re: Microsoft 'standard compliance'

    Standards exist so that everyone can do something the same way. This is great for documents and protocols but there's no compelling reason to define a standard for random number generation. As long as your numbers are random, your method is not important, and when someone suggests we all agree on a method of generating pseudorandom numbers surely you've got to wonder who stands to benefit from the adoption of that standard?

    Conforming to standards is always in someone's interest. Shame Microsoft only seem capable of managing this feat when it's not in their customers' interest.

    PS: Isn't amanfrommars doing well these days? If it wasn't for that gibberish about 'good answer' in response to petitions to the Prime Minister that could have been a Turing Test beater...

  26. Adrian Esdaile
    Alert

    Bloody heck, it all made sense!

    Absolutely everything Amanfrommars said makes sense. Either he is losing his mind, or I've lost mine; I can't work out which.

  27. moonoi
    Coat

    Hmm I've read this somewhere before........

    "Suspicions that this weakness might be used as a backdoor have been fueled by the NSA's support of Dual_EC_DRBG in the standards-setting process."

    Sounds like someones been reading Digital Fortress by Dan Brown and decided its not a novel but a historical text of a genuine event :-p

  28. Anonymous Coward
    Paris Hilton

    Re: Digital Fortress

    You mean the NSA didn't take up Dan Brown's idea?

  29. Andrew

    @BitTwister

    Why should Microsoft conform to other people's standards? Why don't Apple and Creative have to conform to a common interface for their mp3 players? To lock people into their format, that's why. Every company does it; just some are more successful than others. Microsoft have become so successful at achieving lock-in that they're now a natural monopoly. Does this status mean they should be compelled to standards other people set? Of course it doesn't; they are a private company and they can do whatever they like within the law (or outside the law if the fines are small enough, see anti-trust lawsuits).

    Now I'm not a Microsoft apologist. I run a small business; we run Linux, develop on Java and make extensive use of open source frameworks. Even in doing this there's lock-in being attempted by the projects we use. But in the end most IT systems are closed loops, so although standards are great they don't actually have much effect on most users. For IT systems the big watchwords should always be Quality Control; you can get on Microsoft's back about that, but not standards, which don't matter.

    Andrew

  30. JimC

    @ Andrew - standards which don't matter

    > so although standards are great they don't actually have much effect on most users

    Says the man who's obviously using a web browser...

  31. Andrew

    @JimC

    I am using a web browser, and guess what, it doesn't conform to all the standards laid down in all the web specifications. It conforms to most of them and renders every webpage as I would expect. Would a totally compliant browser be better? Possibly, but the effect of not being totally compliant is negligible.

    Andrew

  32. BitTwister

    @Andrew

    > Why should Microsoft conform to other peoples standards?

    Firstly, they're not "other peoples" [sic] standards, they're everyone's standards. That's the whole point of a standard: everyone knows how it works and everyone can make something to use it - so everyone can benefit. And contribute improvements to it if necessary.

    Secondly, in relation to IT-related standards, Microsoft are playing amongst the big boys now so it really ought to learn how to behave and simply co-operate instead of attempting to embrace and extinguish existing, well-documented and well-used standard methods.

    > Why don't Apple and Creative have to conform to a common interface for their mp3 players?

    I think you miss the point here. Having buttons arranged in a certain way on a player can't really be defined as a standard in the sense of web page encoding standards, or (say) communication standards. Button arrangement is more of an aesthetic matter, and what a user needs to jab in order to play a track isn't really in the same league as a web page which is designed to render correctly on only one breed of browser. 'WWW' is 'World Wide', not 'Windows Wide'.

    > Microsoft have become so successful at achieving lock-in that they're now a natural monopoly.

    You seem to state this depressing state of affairs as if it's some sort of worthwhile and laudable achievement - but in reality it's just a suppressive tactic to crush fair competition by weight of numbers alone. Microsoft's "innovations" (the VERY few it can actually claim any credit for) are mediocre at best and if forced to play on a level playing field, it would likely have faded away long ago.

    > Does this status mean they should be compelled to Standards other people set?

    Yes of course it does, if Microsoft expects to play with others already using those standards. To do otherwise is merely arrogant and disruptive. Besides, there's nothing stopping Microsoft from contributing to existing standards or originating their own - but the recent debacle with its efforts to force a poisoned and proprietary document pseudo-standard into becoming an ISO standard illustrates very clearly why Microsoft MUST conform to standards. Yet even when it tries to launch a standard it demonstrates in one stroke that it has no understanding of an open standard and that it is only interested in its own agenda.

    > they are a private company and they can do what ever they like within the law

    Of course - but oafish bullying shouldn't be tolerated, and neither should clumsy take-overs of WWW standards which cause compliant browsers to render pages incorrectly.

    > although standards are great they don't actually have much effect on most users.

    Try telling that to someone creating Redbook-compliant audio CDs.

    > For IT systems the big watch words should always be Quality Control

    Which in any IT department worth its salt would include standards compliance - even if that only means conforming to an internal corporate standard of dealing with information.

    > but not standards which don't matter.

    Andrew, a global web standard DOES matter.
