Vista SP1 Includes "Crypto" Backdoor Page: 1
Vista SP1 Includes "Crypto" Backdoor
It has been discovered that Microsoft has decided to include a random number generator in Vista's Service Pack 1 that has a known flaw.
Known as Dual_EC_DRBG, this algorithm utilizes a set of constants based on elliptical mathematics in order to seed a second set of numbers.  This means that the second set of numbers is based off of the first set of constants.  Thus, anyone who possesses the set of constants could theoretically determine the next number the generator would spit out, creating a security risk.
What's even stranger is that Microsoft has also included the CTR_DBG algorithm, widely-considered more full-proof, set as the default generator.  Thus, developers would need to make a conscious effort to use the flawed algorithm.  This begs to question why Microsoft included the Dual_EC_DRBG algorithm in the first place.
Is Microsoft so far gone that they are including things for absolutely no reason at all?  Or does this algorithm have some hidden function?
Discuss in our Forums