Tag: Bug

Vista SP1 Bundles Broken Random Number Tool

December 21, 2007 by Jason

Microsoft plans to bundle a cryptographically flawed pseudo-random number generator in its upcoming service pack for Windows Vista. Cryptographers have expressed concern about a possible backdoor in a standard for random number generators approved by the National Institute of Standards and Technology (NIST) this year.

The cryptographically weak Dual_EC_DRBG approach, which is based on the mathematics of elliptic curves, was one of four "deterministic random bit generators" approved by NIST in March. Flaws in Dual_EC_DRBG first emerged in August at the Crypto 2007 conference, when cryptographers Dan Shumow and Niels Ferguson showed that two constants in the standard, the elliptic-curve points P and Q that the generator multiplies its state by, may have a hidden relationship with a second, secret set of numbers. Anyone who knows the secret number linking P and Q can recover the generator's internal state from a small amount of its output and predict everything it produces afterward.
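The attack Shumow and Ferguson described, as an added example that is not code from the article, from Microsoft or from NIST: a Dual_EC_DRBG core on the P-256 field and curve equation, plus the state-recovery step an attacker holding the secret relation can perform. Everything not in the standard is an assumption made here: the point Q is found by search rather than taken from SP 800-90, P is built as d*Q for a constructed secret d (the standard fixes P as the base point and the worry is that Q = e*P for a secret e, which is the same relation with d = e^-1 mod n), the truncation drops 8 bits instead of 16 so the brute force finishes in seconds, and the seed and the names `dual_ec_outputs`, `recover_state` and `demo` are the example's own.

```python
"""Dual_EC_DRBG backdoor demo: whoever knows d with P = d*Q recovers the state.

Added example, not code from the article, Microsoft or NIST.  Assumptions:
  * field and curve equation are P-256's (a = -3, b = the standard constant);
  * Q is found by search, not the SP 800-90 constant; P = d*Q for a made-up d;
  * TRUNC_BITS = 8 instead of the standard's 16 so the brute force stays fast.
"""
from itertools import count

FIELD_P = (1 << 256) - (1 << 224) + (1 << 192) + (1 << 96) - 1  # P-256 prime, = 3 mod 4
CURVE_A = FIELD_P - 3
CURVE_B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
TRUNC_BITS = 8                                   # reduced from 16 (assumption, for speed)
OUT_MASK = (1 << (256 - TRUNC_BITS)) - 1


def ec_add(p1, p2):
    """Affine group law on y^2 = x^3 + ax + b; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % FIELD_P == 0:             # p1 == -p2 (also catches y == 0)
            return None
        lam = (3 * x1 * x1 + CURVE_A) * pow(2 * y1, -1, FIELD_P) % FIELD_P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, FIELD_P) % FIELD_P
    x3 = (lam * lam - x1 - x2) % FIELD_P
    y3 = (lam * (x1 - x3) - y1) % FIELD_P
    return (x3, y3)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def lift_x(x):
    """Return a y with (x, y) on the curve, or None if x is not an x-coordinate."""
    rhs = (pow(x, 3, FIELD_P) + CURVE_A * x + CURVE_B) % FIELD_P
    y = pow(rhs, (FIELD_P + 1) // 4, FIELD_P)    # square root, valid since p = 3 mod 4
    return y if y * y % FIELD_P == rhs else None


def find_point(start):
    """First curve point with x >= start; used only to construct the demo's Q."""
    for x in count(start):
        y = lift_x(x)
        if y is not None:
            return (x, y)


def dual_ec_outputs(seed, n, p_pt, q_pt):
    """Dual_EC_DRBG core: s_i = x(s_{i-1}*P), r_i = x(s_i*Q), output = r_i truncated."""
    s = seed
    outs = []
    for _ in range(n):
        s = ec_mul(s, p_pt)[0]
        r = ec_mul(s, q_pt)[0]
        outs.append(r & OUT_MASK)                # drop the top TRUNC_BITS bits
    return outs, s


def recover_state(out_i, out_next, d, q_pt):
    """Attacker who knows d (P = d*Q) and sees two consecutive outputs.

    Guess the dropped bits of r_i, lift x back to the point R = s_i*Q, then
    d*R = s_i*(d*Q) = s_i*P, whose x-coordinate is the next state s_{i+1}.
    The second output confirms the guess.  Returns s_{i+1}, or None on failure.
    """
    for top in range(1 << TRUNC_BITS):
        x = (top << (256 - TRUNC_BITS)) | out_i
        if x >= FIELD_P:
            continue
        y = lift_x(x)
        if y is None:
            continue
        s_next = ec_mul(d, (x, y))[0]            # sign of y does not change x(d*R)
        if (ec_mul(s_next, q_pt)[0] & OUT_MASK) == out_next:
            return s_next
    return None


# Constructed demo parameters (not the standard's constants).
Q_POINT = find_point(1)
D_SECRET = int.from_bytes(b"constructed backdoor scalar d", "big")
P_POINT = ec_mul(D_SECRET, Q_POINT)              # P = d*Q: the hidden relation
DEMO_SEED = int.from_bytes(b"constructed victim seed value", "big")


def demo():
    """Victim emits five outputs; attacker uses the first two to predict the rest."""
    outs, _ = dual_ec_outputs(DEMO_SEED, 5, P_POINT, Q_POINT)
    s2 = recover_state(outs[0], outs[1], D_SECRET, Q_POINT)
    if s2 is None:
        return False
    predicted, _ = dual_ec_outputs(s2, 3, P_POINT, Q_POINT)
    return predicted == outs[2:]


if __name__ == "__main__":
    print("state recovered and later outputs predicted:", demo())
```

The point of the example is the shape of the attack, not the specific numbers: with only two outputs of 248 bits each, the holder of d walks back from the published x-coordinate to the curve point, applies d, and lands on the next internal state. Nothing in the generator's design lets anyone who does not know d do this, which is exactly why the provenance of the standard's Q matters.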