Tuesday, January 15, 2008

NSA Backdoor in MSFT RND()?

According to Bruce, yes!

Microsoft has added the random-number generator Dual_EC-DRBG to Windows Vista, as part of SP1. Yes, this is the same RNG that could have an NSA backdoor. It's not enabled by default, and it's not clear that a user could enable it. It's available as a program call. My advice is to never use it, ever. http://technet2.microsoft.com/WindowsVista/en/...http://msdn2.microsoft.com/en-us/library/aa375534.aspx Backdoor:http://www.schneier.com/essay-198.html

No comments: