In association with heise online

18 December 2007, 17:46

Controversial random number generator in Vista Service Pack 1

With its Service Pack 1 for Windows Vista, Microsoft is also adding the Dual_EC_DRBG random number generator. The US standard, released by the National Institute of Standards and Technology (NIST) in "Special Publication 800-90" (PDF), is suspected of containing a back door for the NSA. Programmers can access the new random number generator via an API. But security expert Bruce Schneier emphatically recommends against using it and repeats his suspicion that the algorithm could contain a back door.

Cryptologists Niels Ferguson and Dan Shumow described a weakness of the algorithm at the Crypto 2007 conference. The algorithm is based on elliptic curves, which are described by a set of constants. The trouble is, no explanation has been given of how the constants are derived. The cryptologists demonstrated that the constants must be related to an unknown second set of numbers. This second number set could serve as a kind of master key.
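
Why unexplained constants matter, shown on a toy curve as an added example (not code from the article, Microsoft or NIST). It assumes the structure Shumow and Ferguson presented, two public points with P = d·Q for a hidden d; the curve, points, seeds and function names are constructed for illustration, and outputs are not truncated as they are in the real generator.

```python
# Toy model of the Dual_EC_DRBG structure. Curve, points and secret are
# constructed for illustration; they are NOT the NIST SP 800-90 constants.
P_MOD, A, B = 17, 2, 2          # y^2 = x^3 + 2x + 2 over GF(17), 19 points

def add(p1, p2):
    """Add two curve points; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 if p2 is None else p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD

def mul(k, pt):
    """Scalar multiplication k*pt by double-and-add."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def x_of(pt):
    if pt is None:
        raise ValueError("point at infinity: toy curve too small for this seed")
    return pt[0]

Q = (5, 1)        # public constant
D = 3             # hidden relation, known only to whoever chose the constants
P = mul(D, Q)     # public constant; nothing in P or Q reveals D

def generate(seed, n):
    """n outputs: state s = x(s*P), then output r = x(s*Q)."""
    s, out = seed, []
    for _ in range(n):
        s = x_of(mul(s, P))
        out.append(x_of(mul(s, Q)))
    return out

def predict(observed, n):
    """Holder of D: lift r = x(s*Q) to a point R; x(D*R) = x(s*P) is the next state."""
    rhs = (observed ** 3 + A * observed + B) % P_MOD
    y = next(v for v in range(P_MOD) if v * v % P_MOD == rhs)  # either root works
    s, out = x_of(mul(D, (observed, y))), []
    for _ in range(n):
        out.append(x_of(mul(s, Q)))
        s = x_of(mul(s, P))
    return out
```

One observed output is enough for the holder of `D` to reproduce everything that follows, while anyone without `D` sees only two ordinary-looking points.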
