Rumours of Microsoft Windows including CIA or NSA backdoors have circulated for years. This one, though, seems to be genuine.

Good random number generators (RNGs) are important for computer security. Many security applications, from secure passwords to the software that lets you do Internet banking, rely on a healthy chunk of randomness. If you can predict the “randomness” (in other words, if it isn’t really that random), you can often break the security. So important are random number generators that the US government works closely with industry and academics to produce state-of-the-art RNG software.

But the government’s trusted role in the process comes with a powerful temptation: what if it could include backdoors in the security software, so that it could access your data but (hopefully) nobody else could? Some years ago, under President Clinton, the US tried to mandate the Clipper chip, which included a virtual backdoor to any software using it. That attempt failed, but in November security consultant and professional cryptanalyst Bruce Schneier wrote about one of the latest RNGs championed by the NSA, “Dual_EC_DRBG”:

Problems with Dual_EC_DRBG were first described in early 2006. The math is complicated, but the general point is that the random numbers it produces have a small bias. […]

But today there’s an even bigger stink brewing around Dual_EC_DRBG. In an informal presentation (.pdf) at the CRYPTO 2007 conference in August, Dan Shumow and Niels Ferguson showed that the algorithm contains a weakness that can only be described as a backdoor.

With a cloud over the Dual_EC_DRBG algorithm, one wonders why Microsoft have now added it to Vista. It suggests to me not so much any nefarious motives on the part of Microsoft as simply a failure to do their homework. Dual_EC_DRBG comes with the NSA’s stamp of approval, but civilian cryptanalysts are advising that even if the backdoor was not put in deliberately, its mere existence is a security breach.

It’s important not to over-react to this one. It doesn’t mean the NSA can read your email — they’ve had the ability to do that for years. What it does mean is that, at some time in the future, Vista application software that relies on Dual_EC_DRBG will contain a secret backdoor. Who knows who will have the key? The NSA? Some private contractor who helped build it? In five years’ time, it could be in the hands of anyone.

If Microsoft is serious about security, they need to remove this insecure RNG from Vista.