Various tech bloggers are
reporting that Microsoft will
include the NSA-recommended random algorithm suspected of containing
a backdoor vulnerability in the upcoming Windows Vista service pack.
According to Microsoft, the “Dual Elliptical Curve (Dual EC) PRNG from SP
800-90 is also available for customers who prefer to use it,” so this
algorithm is an option, not the default. Why would Microsoft
intentionally include an inefficient and unsecure algorithm? Very likely, because it will eventually be
required in governments contracts.
It is hard to blame Microsoft for not wanting to lose government contracts,
or to alienate customers who depend on them.
The real danger is the (inevitable?) attempts by the state to force this
algorithm on everyone else, including requirements that make it mandatory for
government contracts, and thus attempt to influence the default configuration
by virtue of the state’s dominant market share.