Re: More stuff to worry about random number generators:

["Kitsune" <kitsune () sbcglobal net>]

I see you've never lived through NT4 SP2... ;)

----- Original Message ----- 
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
To: "Paul Ferguson" <fergdawg () netzero net>
Cc: <funsec () linuxbox org>
Sent: Tuesday, December 18, 2007 1:44 PM
Subject: Re: [funsec] More stuff to worry about random number generators:


> On Dec 17, 2007 8:32 PM, Paul Ferguson <fergdawg () netzero net> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > - -- "Dude VanWinkle" <dudevanwinkle () gmail com> wrote:
> >
> > >via bruce:
> > >>http://www.schneier.com/blog/archives/2007/12/dual_ec_drbg_ad.html
> > >
> > >Dual_EC_DRBG Added to Windows Vista
> > >
> > >Microsoft has added the random-number generator Dual_EC-DRBG to
> > >Windows Vista, as part of SP1. Yes, this is the same RNG that could
> > >have an NSA backdoor.
> > >
> > >It's not enabled by default, and my advice is to never enable it. Ever.
> > >
> >
> > Windows Vista? What's that? ;-)
>
> Microsoft workstation products are only semi-viable as an option after
> SP2. This theory of mine held up for 2k and XP. We will see how well
> it holds up for Vista, but by the look of things, NSA backdoors and
> all, I might have to come up with another theory..
>
> SP2 usually means over 600 MB of fixed code, but thats with a ~450MB
> operating system. I wonder if Vista service packs will be relative...
>
> -JP
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.