Crypto 'backdoor' in Vista SP1

Discussion in 'Submitted News' started by Dark Atheist, Dec 19, 2007.

  1. Dark Atheist

    Dark Atheist Moderator Political User Folding Team

    In The Void
    Microsoft is to implement a random number generator in Windows Vista Service Pack 1 which has a known flaw, described by security researchers as a 'back door'. The weakness could, at worst, allow an unknown attacker to decrypt EFS-protected data and SSL sessions such as used for internet banking and World of Warcraft logons.

    It's not all doom and gloom, however: the flawed RNG will be bundled with a second, more reliable version which will be selected by default. It does make you wonder why Microsoft have bothered implementing the flawed version, known as Dual_EC_DRBG, at all.