Various tech bloggers are reporting that Microsoft will include the NSA-backed random number generator suspected of containing a backdoor in the upcoming Windows Vista service pack.
According to Microsoft, the “Dual Elliptical Curve (Dual EC) PRNG from SP
800-90 is also available for customers who prefer to use it,” so this
algorithm is an option, not the default. Why would Microsoft intentionally include an inefficient and insecure algorithm at all? Very likely because it will eventually be required in government contracts.
It is hard to blame Microsoft for not wanting to lose government contracts,
or to alienate customers who depend on them.
The real danger lies in the (inevitable?) attempts by the state to force this algorithm on everyone else: requirements that make it mandatory for government contracts would, by virtue of the state’s dominant market share, pressure vendors into shipping it as the default configuration.
Having destroyed the U.S. dollar, the government is now destroying anyone who offers an inflation-proof alternative. Whether or not this is the motive in this case, it is very likely that the U.S. government will quite literally fight for its life against sound currencies as they become viable alternatives. (As long as it controls the currency, the printing press will always be the primary means of expanding state power, regardless of any tax cuts or recessions.)
Because the government is a major consumer of crypto products, government entities create or approve most of the encryption standards used in the industry. One of the key ingredients of crypto technology is the random number generator. Getting random numbers from a computer is a very tricky problem, so the U.S. government actually publishes random number generator algorithms created by computer scientists and government agencies. This year, the government produced a new standard (NIST SP 800-90), which may soon be integrated into crypto software worldwide. Three of the four algorithms in the standard are built on standard primitives (hash functions, HMAC, and block ciphers), but the fourth, Dual EC, comes from the National Security Agency. The NSA’s algorithm is more complex and far slower than the others, so many people wondered why the NSA pushed to have it included.
At the CRYPTO 2007 conference, two researchers (Dan Shumow and Niels Ferguson, presenting in the rump session) showed that the algorithm has a possible backdoor. Dual EC is built from two fixed curve points, P and Q; whoever generated Q by picking a secret scalar d and computing Q = dP can take about 32 bytes of the generator’s output, recover its internal state, and predict every number it produces afterwards. The standard gives no explanation of how the published Q was generated. While we don’t know whether the NSA has the key, we can be sure that either it has the key or it released a dangerously broken standard. (Now that the vulnerability is known, vendors are unlikely to use it, so the NSA wouldn’t have knowingly released a faulty standard unless it had the key.)
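To make the trapdoor concrete, here is an added example (not code from the original post, and not Microsoft’s or NIST’s implementation) that reproduces the Dual EC construction on the real P-256 curve with a Q chosen by a hypothetical insider. The secret scalar d, the victim’s seed, the reduction to a bare generate loop with no additional input or reseeding, and the truncation of 8 rather than the standard’s 16 bits per block (so the brute force finishes in seconds in pure Python) are all assumptions made here. The holder of e = d⁻¹ mod n takes two consecutive output blocks, brute-forces the discarded top bits, lifts the candidate x-coordinate back to a curve point R = ±sQ, and computes x(eR) = x(sP), which is exactly the generator’s next state; everything after that is predictable.

```python
# Added example: Dual EC DRBG core on NIST P-256 with an insider-chosen Q.
# Not code from the original post, Microsoft or NIST; see the lead-in for assumptions.

# NIST P-256 domain parameters (the curve the standard's default Dual EC points live on)
p = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
a = p - 3
b = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
n = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
TRUNC_BITS = 8                 # assumption: real Dual EC drops 16 bits per 256-bit block
OUT_BITS = 256 - TRUNC_BITS
MASK = (1 << OUT_BITS) - 1


def ec_add(P1, P2):
    """Affine point addition on P-256; None stands for the point at infinity."""
    if P1 is None:
        return P2
    if P2 is None:
        return P1
    x1, y1 = P1
    x2, y2 = P2
    if x1 == x2:
        if (y1 + y2) % p == 0:                              # P1 == -P2
            return None
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p   # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p           # addition
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)


def ec_mul(k, P1):
    """Double-and-add scalar multiplication k*P1."""
    acc, addend = None, P1
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc


def lift_x(x):
    """Return a curve point with x-coordinate x, or None if no such point exists."""
    rhs = (x * x * x + a * x + b) % p
    y = pow(rhs, (p + 1) // 4, p)   # p = 3 (mod 4): this is a square root when one exists
    return (x, y) if y * y % p == rhs else None


class DualEC:
    """Dual EC generate loop: s <- x(s*P); r <- x(s*Q); emit r without its top bits."""

    def __init__(self, seed, P, Q):
        self.s, self.P, self.Q = seed, P, Q

    def next_block(self):
        self.s = ec_mul(self.s, self.P)[0]   # state transition
        r = ec_mul(self.s, self.Q)[0]        # output point
        return r & MASK                      # top TRUNC_BITS discarded


def recover_state(out1, out2, Q, e):
    """Given two consecutive output blocks and e with e*Q = P, return the state the
    generator holds after emitting out2 (None if no candidate verifies)."""
    for top in range(1 << TRUNC_BITS):       # brute-force the discarded bits
        x = (top << OUT_BITS) | out1
        if x >= p:
            continue
        R = lift_x(x)                        # R = +/- s*Q; the sign does not affect x(e*R)
        if R is None:
            continue
        S = ec_mul(e, R)                     # e*(s*Q) = s*(e*Q) = s*P, so x(S) is the next state
        if S is None:
            continue
        s_next = S[0]
        if (ec_mul(s_next, Q)[0] & MASK) == out2:   # confirm against the second block
            return s_next
    return None


# Hypothetical values constructed for this example: the secret d behind Q and the
# victim's seed.  Neither is the standard's actual Q or any real deployment's seed.
SECRET_D = 0x2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a
VICTIM_SEED = 0xc0ffee1234567890c0ffee1234567890c0ffee1234567890c0ffee1234567890


def demo(seed=VICTIM_SEED, d=SECRET_D):
    """Returns (recovered state == true state, clone predicts the next two blocks)."""
    P = G
    Q = ec_mul(d, P)                 # Q = d*P: the relation nobody outside the generator knows
    e = pow(d, -1, n)                # the trapdoor: e*Q = P
    victim = DualEC(seed, P, Q)
    outs = [victim.next_block() for _ in range(2)]
    true_state = victim.s            # what the attacker is about to recover
    outs += [victim.next_block() for _ in range(2)]
    recovered = recover_state(outs[0], outs[1], Q, e)
    if recovered is None:
        return False, False
    clone = DualEC(recovered, P, Q)
    predicted = [clone.next_block() for _ in range(2)]
    return recovered == true_state, predicted == outs[2:]


if __name__ == "__main__":
    print(demo())
```

Running it, demo() returns (True, True): the recovered value equals the victim’s internal state, and a clone seeded with it reproduces the next two blocks bit for bit. Without e the same search produces only a few hundred candidate points and no way to map any of them to the state; the only thing protecting users is whether the party that chose Q kept d.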
A paranoid person might wonder if, having failed to force broken crypto on us at the hardware level, the government has some kind of nefarious plan to sneak one in through the software. Simply requiring that the standard be used by government contractors might be sufficient to get it adopted by the industry, given the government’s market share. People take much more care in selecting and testing encryption algorithms than random number generators.
Reassuring answers on this issue are not likely to be forthcoming,
so here are some rules of thumb:
- Real security requires evaluating the whole process, not just a good encryption algorithm.
- Don’t trust a security solution just because it is widely used or
- Don’t trust a security solution that isn’t open to peer