
beware Windows Vista SP1

Bruce Schneier is worried about the Microsoft Vista Service Pack 1 implementation of the flawed Dual_EC_DRBG random number generator.

He explained the flaw last month, noting that Dual_EC_DRBG "includes an algorithm that is slow, badly designed and just might contain a backdoor for the National Security Agency." Schneier continued:

"The math is complicated, but the general point is that the random numbers it produces have a small bias. The problem isn't large enough to make the algorithm unusable [...] but it's cause for concern."

(For math geeks, the obligatory Wikipedia article on elliptic curve cryptography is here.)
