A cryptographically flawed pseudo random number generator is reportedly being added to the upcoming Windows Vista Service Pack 1, raising concerns about a new random-number standard that includes a slow, badly designed algorithm containing a backdoor for the National Security Agency (NSA).

Cryptographers Dan Shumow and Niels Ferguson wrote a yp.to (PDF) that revealed flaws in Dual_EC_DRBG standard at the Crypto 2007 conference this past August. Dual_EC_DRBG is one of four approved random number generators that's three times slower than the others.  The design is based on the mathematics of elliptic curves. The only reason Dual_EC_DRBG is a standard is because it's preferred by the National Security Agency (NSA) who has always been intimately involved in U.S. cryptography standards.

The correct operation of SSL and several other protocols rely on the randomness of random-number generators. Shumow and Ferguson demonstrated that two constants in the Dual_EC-DRBG standard used to define the algorithm's elliptic curve have a relationship with a second secret set of numbers. Whoever had access to that second set of numbers has a skeleton key that's able to unlock any instance of Dual_EC_DRBG.

The National Institute of Standards and Technology (NIST) approved the standard earlier this year. Software and hardware developers around the world are likely to follow the standard since NIST standards are widely adopted. The NSA's past history of illicitly spying on American citizens coupled with their strong support of the cryptographically weak Dual_EC_DRBG standard adds fuel to the fire of suspicions that the weakness might be used as a backdoor.

Dual_EC_DRBG will not be applied by default, but users will have to rely on developers demonstrating good sense by avoiding the cryptographically weak approach. The default random number generator in Windows Vista SP1 will be based on CTR_DRBG.

Visit Bill's Links and More for more great tips, just like this one!