Crypto ‘backdoor’ in Vista SP1加密'后门'在Vista SP1的
Microsoft is to implement a random number generator in Windows Vista Service Pack 1 which has a known flaw, described by security researchers as a ‘back door’. 微软正在实施一项随机数发生器在Windows Vista Service Pack 1的,其中有一个众所周知的缺陷,所描述的安全研究员作为一个'后门' 。 The weakness could, at worst, allow an unknown attacker to decrypt EFS-protected data and SSL sessions such as used for internet banking and World of Warcraft logons. 该弱点可以,在最坏的打算,让不明攻击者可以解密英,法,西保护的数据和SSL届例如用于网上银行和魔兽世界logons 。 It’s not all doom and gloom, however: the flawed RNG will be bundled with a second, more reliable version which will be selected by default. 它的,并非所有前途的悲观,但:残缺的RNG将被捆绑与第二种比较可靠的版本,其中将选出默认。 It does make you wonder why Microsoft have bothered implementing the flawed version, known as Dual_EC_DRBG, at all. 它使你想知道为什么微软都烦,实施有缺陷的版本,称为dual_ec_drbg不惜一切。 The algorithm, approved by the American National Institute of Standards and Technology (which, for you paranoiacs out there, works closely with the No Such Agency), is based on elliptic-curve mathematics and uses a set of constants to ’seed’ the generation. 该算法中,批准了由美国国家标准与技术研究院(其中,因为你paranoiacs出在那里,工作,并经常与没有这样的机构) ,是基于椭圆曲线的数学和用途一套常量'种子'的一代。 It has been determined by security researchers Dan Shumow and Niels Ferguson that these constants have a special relationship to a second, secret set of numbers. 已确定由安全研究人员丹shumow ( Niels和弗格森这些常数是有特殊的关系上升到第二,秘密设置的号码。 In theory, anyone who has the second set can determine what ‘random’ number the algorithm will pop out at any given time. 从理论上讲,任何人第二套能确定什么'随机'数目的算法,将弹出在任何特定时间。 Which has cryptologists such as Bruce Schneier suitably worried. 其中有cryptologists如布鲁斯施奈尔适当担心。 By default Vista SP1 will use the CTR_DBG algorithm (based on the Advanced Encryption Standard) which is thought to be more secure than the possibly-backdoored Dual_EC_DRBG. 默认Vista的SP1的,将使用ctr_dbg算法(基于先进加密标准) ,这被认为是更安全可靠,较可能- backdoored dual_ec_drbg 。 As a result, a developer would actually have to make a concious effort to use the possibly-insecure algorithm and thus put the security of encrypted data at risk. 因此,一个开发商,其实会作出自觉努力使用可能不安全的算法,因此就把安全的加密数据处于危险之中。 Still, it’sa disquieting thought that the heart of any system designed to offer users privacy could have such a major flaw and still get shipped to end-users. 还有,这是令人不安认为系统的核心,旨在为用户提供隐私能有这么大的漏洞,并仍获得发运给最终用户。
Source: 资料来源: bit-tech 比特科技
Popularity: 14%人气: 14 %
Written by ShaDow. 写的阴影之下。 Read more great feeds at is source 阅读更多伟大的饲料,是源头 WEBSITE 网站
no comments 没有评论 . 。
Read more articles on 查看更多文章 Windows Vista Updates (KB) Windows Vista的更新(千字节) and 及 Vista News Vista的新闻 and 及 otherSoftware othersoftware and 及 vista sp1 Vista的SP1的 . 。
- [+] Digg [ + ] digg : Feature this article :特征这篇文章
- [+] Del.icio.us [ + ] del.icio.us : Bookmark this article :收藏这篇文章
- [+] Furl [ + ] furl : Bookmark this article :收藏这篇文章
