Microsoft throws crypto foes an untouchable elliptic curveball While Washington mulls ways to make crypto less effective, the industry, thank heavens, continues to push in the other direction. Microsoft Research has just published an elliptic curve library it reckons is considerably faster than what's currently available. Outlined in this International Association for Cryptologic Research …
This is part of the new Microsoft, I guess. Explicit support for Linux using gcc. Licensing is the MIT license - pretty much "do what you want".
Haven't tried compiling yet (my gcc is one version back from what they have tested, and my CPU only has AVX, not AVX2).
Still, looks like a good thing. Kudos to Microsoft!
I hope external crypto folks examine it with a fine tooth comb!
Even the choice of name is something that's startling and would never have been seen from the Microsoft of old. Google yes, Open Source movement definitely, but old grand-daddy Microsoft?
Either this is a rogue division who didn't ask upper management for approval of the name before launch, or Microsoft really are willing to give the US government the finger which I never would have imagined.
Perhaps because it's so out of character, I have my doubts about how secure this new algorithm really is. Like a middle aged man, wearing teen fashion and inviting kids back to his house to play on his PlayStation, the situation leaves me deeply uneasy.
Microsoft is really a couple different companies that happen to have the same name. The R & D groups tend to be given boatloads of cash to spend on whatever they want while some of the other groups are beaten down and forced to crap out code at the direction of the marketing and management overlords.
"And for the spooks to work out how to break it in less than 'n' seconds."
Yes, as in standard practice for encryption algorithms since about 1950. Keeping your code secret and assuming it's unbreakable didn't work too well for the bad guys in World War 2, and so sensible people release their code set and see how long it takes other people to break it.
Interestingly the guys that developed Enigma knew it breakable they just assumed that no one who's be bothered to actually look together the resources in time try.
Two vital elements they overlooked. The fact that the operators of Enigma were lazy and didn't follow protocol giving the guys and girls at Bletchley Park something to go at and the fact that Britain is (or certainly was) full eccentrics who weighs jump at the chance of cracking something like Enigma in the first place.
If you want to see how scary that telemetry and reporting is... go here: http://someonewhocares.org/hosts/
Down near the bottom of the list is:
#<Windows10>
# Windows 10 reporting domains127.0.0.1 a-0001.a-msedge.net
and followed by approximately 55 items to be blocked.
There's also several websites on blocking everything (except for any federally mandated backdoors that are hush-hush) out there with a bit of Googling.
I guess the Windows10 list will do for Windows 7 and 8.1 - I'm sure they're heading that way.
I guess you hadn't got the word. Unless you pay really close attention they've done it twice already and on the second patch Tuesday, they reinstated the one's you set hidden. Only saving grace, if you can call it that, they're still optional. Rule of thumb now is to carefully check the kb articles. Might help,....
Not sure carefully checking helps any longer since they stated they'll stop giving detailed explanations of updates. You'll actually need to search non Microsoft sites to find out which updates are Trojan horses from now on and i won't be trusting a Microsoft owned search engine for that.
One bunch a week or so ago gave no useful info on the Microsoft kb pages, took 30min identifying the rotten ones :(
Oh I've got the word alright. I guess my words were a little bit conservative compared to what I really think. Trying to stick to a level that doesn't invite 'tin-foil hat' comments.
Bollocks to that. What I believe is that Microsoft fully intend to bring the level of monitoring and control that home/pro users of Windows 10 'enjoy' to Windows 7 and 8.1 (and maybe even Vista) home/pro users.
To that end, Windows Update has now become a Trojan Horse which needs to be watched and severely constrained.
Businesses and governments, of course, will be allowed to be free of this.
@Paul Shirley - yes to all you said. I search widely to find out what the updates do. If I can't find out, then the update stays ignored. After a time it gets hidden if I can't be satisfied with it.
Interesting idea to fit a high grade door lock for that house of wet cardboard called Windows.
If all that energy I have seen MS talking about security in, oh, the last two decades or so at presentations, trade shows and sales meetings would have been used to actually make the platform itself more secure it would have been credible. Sadly, what Windows 10 does suggests that where as "the industry" is pulling the other way, Microsoft is not.
We need improvement, not gestures. Fix the basics first, and prove it.
No complaints from me and mine. Then again I've been of the opinion that regularly jumping up and down on the pyramid of abstractions and API's is a healthy thing. Then you weed out the redundancies and contradictions. If it's not fit for purpose then why the fuck are you still (mis)using it that.
But I've never had a problem with the whole rip & replace of entire megabyte blocks of the kernel, thousands of operating system programs, the entire desktop,... Little things like that. There's a reason no one uses my computers and Mom says that I'll have an electronic friend in my grave. [She's not kidding either.]
"Interesting idea to fit a high grade door lock for that house of wet cardboard called Windows."
This is where actually reading the article comes in handy. This is an encryption library from Microsoft Research, not a new feature explicitly for Windows (that operating system which is mentioned precisely *never* in the article, and in the same breath as Linux in the README.)
This is where actually reading the article comes in handy. This is an encryption library from Microsoft Research, not a new feature explicitly for Windows
Hmm, let me see. Microsoft Research. Funded by Microsoft. Windows. Made by Microsoft, shoved down the throat of many through misinformation, monopoly abuse and pretty much every trick in the same book that Google is now using, which generates the money to do that research.
The problem is that what MS Research develops and which gets trumpeted to the market as yet another Microsoft achievement never actually makes it into the products itself - all they use is the glory and shine. I have seen this so often that MS uses all its experts to convince a gullible audience that Microsoft products are secure because they developed some good idea or concept elsewhere, but without actual implementation it remains BS. I have seen plenty of good ideas being bandied around, after all, they buy in a lot of experts. Unfortunately, the only department that seems to actively use those ideas is Microsoft marketing.
Maybe you ought to do more than just read articles. Thinking, for instance. Let's take the last time Microsoft actually touched a technology for use in production. If what happened to Kerberos isn't enough of a hint you really ought to go brush up on your history.
Hmm, let me see. Microsoft Research. Funded by Microsoft. Windows. Made by Microsoft, shoved down the throat of many through misinformation, monopoly abuse and pretty much every trick in the same book that Google is now using, which generates the money to do that research.
Someone famously said that conspiracy theorists are skeptics who lack critical thinking skills.
Microsoft did all the right things here, and we can all benefit. The source code is published (under a very permissive Open Source licence) for review and improvement by independent security experts -- and even by Internet trolls.
I'm kind of with the AC here. Not because of Microsoft... but those above Microsoft.
Putting my tinfoil hat on...
If I were the NSA and wanted to get around the current problem of current encryption stopping me from gaining access to other peoples communications it would be tempting to build a new system better than the current systems. As such here would be my requirements:
1.New Encryption system which to the user is better and faster than any other as far as the user is concerned.
2.I must have a master key to said encryption system which the user does not know exists..
3.User must have access to source code of encryption system to really believe their encrypted volumes are completely secure.
4.Encryption system is clever enough that even with the source code discovering the master key is exceptionally difficult - something like a complex mathematical problem which requires a super computer to decipher.
5.The new encryption system was to be distributed by another other than myself who was in some ways trusted but of course under our control.
To finish of my dastardly plan I would need to prove that the previous encryption systems were in some way fallible...
I'm kind of with the AC here. Not because of Microsoft... but those above Microsoft.
I'd go slightly more generic: no encryption algorithm should ever be trusted without independent experts taking it for a ride and dissecting the cr*p out of it, so the GOOD thing is that they took the first step and made it public - the only way to ever gather enough trust.
There have been many, many new crypto algorithms - few pass peer review, which hasn't happened. It is thus too early to claim it's "untouchable" (which they did not claim, but the article writer), and too early to invest any trust in it. Meanwhile, going back to basics, even if it *was* good it causes quite a dissonance with Microsoft's new "gimme access to everything" EULA for Windows 10. Personally, I see the latter a far more important issue to solve.
no encryption algorithm should ever be trusted without independent experts taking it for a ride and dissecting the cr*p out of it
Yes, that's a widely-held opinion.
And it'd be relevant if FourQLib contained any "new crypto algorithms". But it doesn't. It's a new implementation of well-known algorithms, using parameters and (well-known) techniques chosen to improve performance and other useful characteristics.
I've just skimmed the paper, but I don't see anything particularly novel in it - which is good. It appears to be solid, thorough work combining decades of research in finite-field arithmetic and ECC into a very nice implementation. They use some quite recent key results (see e.g. their references [19], [27], [50]), which is one reason why we will want to see analysis by other ECC experts, but overall this is evolutionary, AFAICT.
What it most definitely is not is a "new crypto algorithm". And, of course, as a zillion people have already pointed out, the authors work for Microsoft Research and have as much influence over the Windows EULA as I do, so your final two sentences are utterly irrelevant.
"And it'd be relevant if FourQLib contained any "new crypto algorithms". But it doesn't. It's a new implementation of well-known algorithms, using parameters and (well-known) techniques chosen to improve performance and other useful characteristics."
Since implementation is equally important as algorithm in security, one has to treat a new version of a library with the same suspicion as a completely new one. Besides, when it comes to efficiency, one has to be wary of introducing side-channel avenues. A paranoid might even propose the increased efficiency are precisely so as to introduce side-channel attacks.
'If someone who wrote and distributed trojans and virri wrote and encryption algorithm, would you trust it? It might the the best thing since sliced bread but M$ is just another scum producer looking for brownie points.'
I'm actually sort of impressed at the sheer number of applicable fallacies you managed to pack into just one inane post.
No algorithm is known in the line of exploiting smoothness as for the sub-exponential factorization techniques.
At any rate, no such algorithm has been published, and no one has published any credible reason to believe one exists, which is as good as the situation gets.
(There are techniques for attacking particular ECC constructions, such as Pollard's rho against ED discrete log, which are faster than naive approaches; but they just tell us what the effective key length is.)
Perhaps equally importantly, the phrase "inherently insecure" is meaningless without context. Security is not an absolute attribute. All encryption is "inherently insecure" against some attacks, such as suborning an authorized user; that's not a part of the threat space that encryption protects against. Someone who asks a question like the OP's is just demonstrating a poor understanding of information security. And there may not be any shame in that, particularly (who can be an expert in every aspect of their profession?) - but it means the question is as much a category error as anything else.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
