Crypto 'backdoor' in Vista SP1

Discussion in 'Submitted News' started by Dark Atheist, Dec 19, 2007.

  1. Dark Atheist

    Microsoft is to implement a random number generator in Windows Vista Service Pack 1 which has a known flaw, described by security researchers as a 'back door'. The weakness could, at worst, allow an unknown attacker to decrypt EFS-protected data and SSL sessions such as those used for internet banking and World of Warcraft logons.

    It's not all doom and gloom, however: the flawed RNG will be bundled with a second, more reliable version which will be selected by default. It does make you wonder why Microsoft have bothered implementing the flawed version, known as Dual_EC_DRBG, at all.


    Source
    http://www.techpowerup.com/?47432