cryptography


… reported by Dan Shumow and Niels Ferguson about 4 months ago?

I did a quick post about it here after reading about it at Bruce Schneier’s blog.

The problem is that the NSA submitted an elliptic curve algorithm for inclusion in a new NIST standard for random number generation, and that algorithm contains certain constant values whose origin is unknown. That might not sound important, but as discovered earlier, it could open up the possibility of a “secret key” that would allow encrypted data to be unlocked. The fact that the NSA submitted this algorithm (which is much slower than the others) also helps stir up the crypto community.
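As an added illustration of the point above (this is not code from the original post), the following toy over a small constructed curve shows why the origin of the two constant points matters: if the designer chose P = e*Q and kept e, a single output reveals the generator's next state, whereas a point derived from a public seed (“nothing up my sleeve”) leaves nobody holding such an e. The curve parameters, seed string and scalar values are constructed for the example; the real Dual_EC_DRBG runs on NIST P-256 and truncates 16 bits of each output, so the holder of e additionally has to try the missing bits.

```python
import hashlib

# Toy curve y^2 = x^3 + A*x + B over GF(P_MOD), P_MOD = 2^61 - 1 (constructed, not NIST P-256).
P_MOD, A, B = (1 << 61) - 1, 2, 3

def ec_add(p1, p2):  # affine addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    num, den = ((3 * x1 * x1 + A), 2 * y1) if p1 == p2 else ((y2 - y1), (x2 - x1))
    lam = num * pow(den, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD

def ec_mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def lift_x(x):  # a point with this x coordinate, or None; P_MOD % 4 == 3 so sqrt is one pow
    rhs = (x ** 3 + A * x + B) % P_MOD
    y = pow(rhs, (P_MOD + 1) // 4, P_MOD)
    return (x, y) if y * y % P_MOD == rhs else None

def point_from_seed(seed):  # "nothing up my sleeve": hash a public seed onto the curve
    for ctr in range(256):
        pt = lift_x(int.from_bytes(hashlib.sha256(f"{seed}:{ctr}".encode()).digest(), "big") % P_MOD)
        if pt: return pt
    raise ValueError("no point found for seed")

def dual_ec_run(state, P, Q, n):  # n rounds: r = x(s*P); output x(r*Q); next state x(r*P)
    outs = []
    for _ in range(n):
        r = ec_mul(state, P)[0]
        state, out = ec_mul(r, P)[0], ec_mul(r, Q)[0]
        outs.append(out)
    return state, outs

def trapdoor_predict(one_output, e, P, Q, n):
    # Knowing e with P = e*Q: lift the output to R = r*Q, then e*R = r*P is the next state.
    next_state = ec_mul(e, lift_x(one_output))[0]
    return dual_ec_run(next_state, P, Q, n)[1]

def demo(seed_state=123456789, e=987654321, n=3):
    Q = point_from_seed("constructed Q")   # public origin: reproducible by anyone
    P = ec_mul(e, Q)                       # secret relation to Q: this e is the skeleton key
    state, (first,) = dual_ec_run(seed_state, P, Q, 1)
    _, real = dual_ec_run(state, P, Q, n)
    return real, trapdoor_predict(first, e, P, Q, n)
```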

Not much has been reported on the issue since, until yesterday (by Schneier again).

The big news is that the flawed PRNG is to be shipped with SP1 for Windows Vista. It is not going to be the default PRNG, but it is still going to be included as an option to developers.

Why is this a problem? Well,

First, you are damn sure going to have to look real close at any application you employ to secure your data, as you are in the hands of the developers of those applications. More or less, you will have to request the source code if you really want to be sure, and even then it can be a real hassle to find any references to the offending algorithm.

Second, why did they implement a flawed algorithm whose flaw was found by their own analysts? Yes, Dan Shumow and Niels Ferguson are employed by Microsoft. Especially as they have been urgently patching other PRNG flaws in their OSes recently. Some say this is to meet the whole NIST standard, but come on, who would implement a crypto technology that is flawed? I mean, that kind of breaks the whole idea of cryptography in the first place.

Third, what if Microsoft issues a patch or security update which silently sets Dual_EC_DRBG as the default PRNG? Then all your data could be read by “someone”. Do you trust MS? This leads me to the…

Final point. Who has the skeleton key? NSA? Microsoft? Someone else?

Bruce Schneier on one of the “Deterministic Random Bit Generators” supplied by the U.S. government:

“But today there’s an even bigger stink brewing around Dual_EC_DRBG. In an informal presentation (.pdf) at the CRYPTO 2007 conference in August, Dan Shumow and Niels Ferguson showed that the algorithm contains a weakness that can only be described as a backdoor.”

To borrow the author’s own common phrasing: this is a big deal.

Find the whole article here.