Guest guest
Posted December 21, 2007

Microsoft adds NSA backdoor to Windows Vista

Schneier on Security
A blog covering security and security technology.

December 17, 2007
Dual_EC_DRBG Added to Windows Vista

Microsoft has added the random-number generator Dual_EC-DRBG to Windows Vista, as part of SP1. Yes, this is the same RNG that could have an NSA backdoor.

It's not enabled by default, and my advice is to never enable it. Ever.

EDITED TO ADD (12/18): I should make this clear that the algorithm is available as a program call. It is not something that the user can enable or disable.

Posted on December 17, 2007 at 10:22 AM

Comments

You know what would be scary? If they secretly started using this algorithm even if you requested something else. Could anyone tell? What if they only pulled the switch under specific conditions (i.e. Chinese language versions)?
Posted by: Eric at December 17, 2007 10:59 AM

Or Microsoft could just enable Dual_EC-DRBG to be used sometime in the future after most people forget it's there.
Posted by: Nick at December 17, 2007 11:21 AM

1.) How do you switch it on and off?
2.) How do you know what state it is in (on or off)??
Posted by: annic at December 17, 2007 11:46 AM

Either a stealth Windows Update will turn it on, or a future critical security fix will quietly make it the default.
Posted by: derf at December 17, 2007 11:48 AM

I got to this point, "When developing Windows Vista, Microsoft set out to provide higher levels of productivity, mobility, and security, with lower costs." Then my BS Detector went off. Microsoft lowering costs! Yeah right.
Posted by: HAL at December 17, 2007 12:11 PM

Well, it's good to know that Microsoft is at least keeping their security flaws up to date.
Posted by: Joe at December 17, 2007 12:20 PM

"[...] and my advice is to never enable it. Ever."
Are you referring to the RNG or to Vista? :-)
Posted by: stacy at December 17, 2007 12:21 PM

But Microsoft *is* lowering costs - the costs of the recording studios.
Microsoft *is* increasing security - making it possible for the RIAA to check what you've got without the owner of the computer knowing.
Microsoft *is* increasing productivity - that of the lawyers prosecuting the DRM cases for the RIAA.
Everybody else? click 'n' wait.
Posted by: electron at December 17, 2007 12:23 PM

Yeah electron, everybody is going to buy a Zune which is a giant flop. They're making music low cost, but high loss. "Robertson, "I've been looking for a good verb to describe losing all of your music to DRM because it's increasingly common and I think I have one: zune.""
http://www.engadget.com/tag/michael%20robertson/
Posted by: HAL at December 17, 2007 12:45 PM

>the costs of the recording studios.
Uh no. Actually most recording is HD based and Vista is a performance dog. In the past you'd base your studio around a Windows platform to save money. But with Vista, you need more HW for the same performance and thus the costs go up. Leave the recording studios out of the record label / DRM madness. We're victims just like you.
Posted by: mark at December 17, 2007 12:47 PM

@stacy: Based on the purported complexity of Vista, can any assurances be made with respect to the security of that product?
http://www.forbes.com/free_forbes/2007/0226/050.html
Posted by: Patrick Star at December 17, 2007 12:48 PM

Anyone who runs Windows is a fscking schmuck and deserves what they get for their poor choice in operating systems.
Posted by: grandma at December 17, 2007 01:08 PM

You should know that the documentation linked to states that the default RNG in Vista SP1 will not be Dual_EC_DRBG, but the RNG based on AES, which is CTR_DRBG, which Schneier recommended in his post warning against Dual_EC_DRBG. Dual_EC_DRBG is only called when the programmer explicitly calls for it. Therefore, the way to make sure that Dual_EC_DRBG is not used is to perform a source code audit. The auditor must search the source code of the program in question for the constant named BCRYPT_RNG_DUAL_EC_ALGORITHM and the string "DUALECRNG" to make sure that they are either completely absent from the program or used to throw exceptions when their use is detected in runtime, and must make sure that the programmers did not program Dual_EC_DRBG in themselves.
Posted by: Jesse Viviano at December 17, 2007 01:09 PM

"[...] Therefore, the way to make sure that Dual_EC_DRBG is not used is to perform a source code audit"
With Windows you cannot audit the source code. Use Linux/xBSD instead of Windows.
Posted by: Anonymous at December 17, 2007 01:13 PM

"Gartner survey found that 64% of companies planned to begin moving from Windows XP to Windows Vista by the winter of 2008." via Information Week. Good news story for security industry insiders.
"Malware authors will step up efforts to attack Windows Vista in 2008, as Microsoft's latest desktop operating system passes the 10 percent market share milestone, according to security firm McAfee."
If attacks are going up, why in the world would 64% of biz users be heading in that direction? Nucking futs.
Posted by: HAL at December 17, 2007 01:29 PM

Um, not to be a spoilsport, but isn't this in the NIST standard? Why doesn't the blame belong there, instead of Microsoft implementing it?
Posted by: Chris at December 17, 2007 01:46 PM

Imagining a Windows system that's been rigged to always use the backdoored RNG leaves us with lots of interesting possibilities:
1. Inject compromised machines into the supply line for your adversary. I mentioned "Chinese language versions" earlier, but you could probably be more focused than that.
2. If you ever crack your adversary's machine, modifying the crypto DLL is an extremely subtle attack they're unlikely to detect.
3. If you can get your adversary to be paranoid about Windows Update, chances are they'll leave open some other hole for you to exploit.
4. You could probably detect a program signature in order to compromise only certain software. For example, VPN software that's used by a certain government.
Posted by: Eric at December 17, 2007 01:52 PM

More - Microsoft adds NSA backdoor to Windows Vista
http://www.schneier.com/blog/archives/2007/12/dual_ec_drbg_ad.html
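The audit that Jesse Viviano's comment describes, written out as an added example (it is not code from the blog post, the commenters or Microsoft): a Python scan for the constant name and for the string it names. Because CNG algorithm identifiers are wide strings, it also looks for the UTF-16LE form that a compiled binary carries, which covers the case where no source is available; the sample inputs and the file name scan.py are constructed for illustration.

```python
import sys
from pathlib import Path

# The two names from the comment: the header constant and the string it names.
NAMES = ("BCRYPT_RNG_DUAL_EC_ALGORITHM", "DUALECRNG")

# CNG algorithm identifiers are wide strings, so a compiled binary carries the
# literal as UTF-16LE; source text is normally ASCII-compatible. Check both.
NEEDLES = {f"{name} ({enc})": name.encode(enc)
           for name in NAMES for enc in ("ascii", "utf-16-le")}

# Constructed samples (not real files): two C source lines and a fake binary.
SAMPLE_SOURCE = b"BCryptOpenAlgorithmProvider(&h, BCRYPT_RNG_DUAL_EC_ALGORITHM, NULL, 0);\n"
SAMPLE_CLEAN = b"BCryptOpenAlgorithmProvider(&h, BCRYPT_RNG_ALGORITHM, NULL, 0);\n"
SAMPLE_BINARY = b"MZ\x90\x00" + b"\x00" * 12 + "DUALECRNG".encode("utf-16-le") + b"\x00\x00"


def find_all(data, needle):
    """Yield every offset at which needle occurs in data."""
    pos = data.find(needle)
    while pos != -1:
        yield pos
        pos = data.find(needle, pos + 1)


def scan_bytes(data):
    """Return sorted (offset, kind) hits for one file's contents."""
    return sorted((off, kind) for kind, needle in NEEDLES.items()
                  for off in find_all(data, needle))


def scan_tree(root):
    """Map each file under root that has at least one hit to its hits."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            hits = scan_bytes(path.read_bytes())
            if hits:
                report[str(path)] = hits
    return report


if __name__ == "__main__":
    # Usage: python scan.py <directory>; with no argument, scan the samples.
    if len(sys.argv) > 1:
        for name, hits in scan_tree(sys.argv[1]).items():
            for off, kind in hits:
                print(f"{name}: offset {off}: {kind}")
    else:
        for label, blob in (("source", SAMPLE_SOURCE), ("binary", SAMPLE_BINARY)):
            print(label, scan_bytes(blob))
```

A hit is a lead for manual review, since the comment allows the names to appear in code that rejects them. A clean scan does not cover a program that carries its own Dual_EC_DRBG implementation or assembles the string at run time.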
Guest guest
Posted December 22, 2007

Lower costs - to THEM perhaps? - Misty

Health and Healing ; the_octopus
Friday, December 21, 2007 8:08 PM
Microsoft adds NSA backdoor to Windows Vista