Microsoft cryptographer: There are no back doors into Vista

Microsoft cryptographer: There are no back doors into Vista

Summary: By way of ZDNet reader Derek Flickinger comes VNUNet's Iain Thompson's report: A senior cryptographer working for Microsoft has vehemently denied that the firm is planning to compromise the encryption functionality incorporated in its forthcoming Vista operating system by adding a backdoor.

SHARE:
TOPICS: Microsoft
5

By way of ZDNet reader Derek Flickinger comes VNUNet's Iain Thompson's report:

A senior cryptographer working for Microsoft has vehemently denied that the firm is planning to compromise the encryption functionality incorporated in its forthcoming Vista operating system by adding a backdoor. Niels Ferguson, a Dutch cryptographic engineer and consultant who currently works for Microsoft, has written in his blog that there are no plans to provide a secret means for law enforcement officers to access encrypted data. He added that, if pressure came for such a system, Microsoft engineers would either go public or withdraw the platform's encryption feature altogether.

Referring the Microsoft's encryption technology known as BitLocker (the technology that could keep law enforcement agencies from getting at the contents of a hard drive or thumb drive), Ferguson also wrote "Like any security technology BitLocker has its avenues of attack and law enforcement should know about them." 

I'm not making this up.   So, if it has avenues of attack, why bother?  Or is it just to keep casual hackers at bay? (in other words, why bother?)

Topic: Microsoft

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

5 comments
Log in or register to join the discussion
  • Indeed, why any security at all?

    I mean EVERY security system has "avenues of attack" so why use any?

    David, that was plain dumb. A massive fort still has avenues of attack. You can march right up to the front gate and try to beat it down with your fists, that is an avenue of attack. No I don't think it will work but it is one avenue of attack...
    No_Ax_to_Grind
  • the implication is that there are ...

    known avenues of real vulnerability. If they're known, then why isn't something being done about it? I think it was a dumb thing to say.
    dberlind
    • Every type of encryption

      has 'known avenues' of real vulnerability. Mostly it is the user (ya, I'll email myself the key using my gmail account; no one will be able to trace that!), but there are often subtle, mathematical ways of attempting to sift out the (data) wheat from the (cryptographic) chaff. I personally assume groups like the NSA have about a 10 year head start on such tactics; would the cryptographic standards of 10 years ago hold up invincibly now?
      mdemuth
  • Perhaps bitlocker's encryption is very weak

    Well I have to say that I repect Niels Ferguson and he does say that he and his team will not put a backdoor into Vista - I guess that leaves the kernal guys to do it. You might find out that after you run one of Microsoft's famous Easter eggs that bitlocker is turned off!

    It could also be that the encryption method used will be very weak (for performance reasons), something that law enforcement can already easily crack.

    In any case, if you really have serious data to protect, you will probably use third party strong encryption anyway. There are open source versions of strong encryption software (can you ever trust closed source encryption?) available.
    WiredGuy
  • Read the rest of the article

    It says right there the kinds of "avenues of attack" he meant, like leaving your key on a USB stick right next to the computer.

    Obviously there's no point if you're going to do that, but that doesn't mean there's no point in *implementing the feature* - there's just no point in your using it like that.

    It would be the same as sticky-taping the key to a padlock on the padlock itself. There's no point doing that, either, but it doesn't make padlocks in general useless, does it?
    DeanHarding