
Crypto ‘backdoor’ in Vista SP1


Microsoft is to implement a random number generator in Windows Vista Service Pack 1 which has a known flaw, described by security researchers as a ‘back door’. The weakness could, at worst, allow an unknown attacker to decrypt EFS-protected data and SSL sessions such as those used for internet banking and World of Warcraft logons.

It’s not all doom and gloom, however: the flawed RNG will be bundled with a second, more reliable version which will be selected by default. It does make you wonder why Microsoft have bothered implementing the flawed version, known as Dual_EC_DRBG, at all.

The algorithm, approved by the American National Institute of Standards and Technology (which, for you paranoiacs out there, works closely with the No Such Agency), is based on elliptic-curve mathematics and uses a set of constants to ‘seed’ the generation. It has been determined by security researchers Dan Shumow and Niels Ferguson that these constants have a special relationship to a second, secret set of numbers. In theory, anyone who has the second set can determine what ‘random’ number the algorithm will pop out at any given time, which has cryptologists such as Bruce Schneier suitably worried.

By default Vista SP1 will use the CTR_DRBG algorithm (based on the Advanced Encryption Standard), which is thought to be more secure than the possibly-backdoored Dual_EC_DRBG. As a result, a developer would actually have to make a conscious effort to use the possibly-insecure algorithm and thus put the security of encrypted data at risk. Still, it’s a disquieting thought that the heart of any system designed to offer users privacy could have such a major flaw and still get shipped to end-users.

Source: bit-tech



Written by ShaDow.