Results 1 to 16 of 16

Thread: UK Government wants backdoors in windows..

  1. #1
    Theoretical Element Spud1's Avatar
    Join Date
    Jul 2003
    Location
    North West
    Posts
    7,508
    Thanks
    336
    Thanked
    320 times in 255 posts
    • Spud1's system
      • Motherboard:
      • Gigabyte Aorus Master
      • CPU:
      • 9900k
      • Memory:
      • 16GB GSkill Trident Z
      • Storage:
      • Lots.
      • Graphics card(s):
      • RTX3090
      • PSU:
      • 750w
      • Case:
      • BeQuiet Dark Base Pro rev.2
      • Operating System:
      • Windows 10
      • Monitor(s):
      • Asus PG35VQ
      • Internet:
      • 910/100mb Fibre

    UK Government wants backdoors in windows..

    http://news.bbc.co.uk/2/hi/uk_news/politics/4713018.stm

    Quote Originally Posted by BBC News
    Windows Vista is due to be rolled out later this year. Cambridge academic Ross Anderson told MPs it would mean more computer files being encrypted.

    He urged the government to look at establishing "back door" ways of getting around encryptions.

    The Home Office later told the BBC News website it is in talks with Microsoft.
    Is it just me that thinks this is yet another totally retarded idea by our hypocritical small minded government?

    They are asking microsoft, and other companies providing encryption solutions to give them a backdoor master key so that they can bypass any encryption..

    Fine I can see why, a legal case against a paedophile for example who has encypted his harddrive (possibly) containing evidence against him/her. The courts could simply unlock it and prosecute, but what about the other implications?

    The biggest one that I can see is, what if that backdoor key was leaked? Which it would be, I would bet money on it. So called backdoor/master key's have been used in lot's of software before, the closest example I can think of off-hand is with computer bios's. Lots and Lots of bios's had (and may still have) backdoor/master passwords that would bypass any restrictions set by a user, such as a power on password. This would allow someone who knew the backdoor password to boot a computer that is normally well protected.

    The same applies with encryption, if the master key was leaked any cracker could simply break into a computer system (say a corporate network), locate the encrypted data source and unlock it without having to spend howevermany thousand years brute forcing the encryption key. This could be disasterous surely?

    Of course there is the possibilty of the backdoor actually not being leaked (however small this chance is), but then we have the governement with the same ability of the crackers - they can unlock your files. Granted not legally unless you are arrested etc, but if the wrong person got hold of the key etc..

    Just seems like a bad idea to me..

  2. #2
    Taz
    Taz is offline
    Senior Member Taz's Avatar
    Join Date
    Jan 2005
    Location
    London
    Posts
    2,152
    Thanks
    57
    Thanked
    29 times in 27 posts
    • Taz's system
      • Motherboard:
      • Gigabyte Z270 HD3P
      • CPU:
      • Intel Core i5 7600K
      • Memory:
      • Corsair CMK16GX4M2B3200C16R Vengeance LPX 16 GB
      • Storage:
      • Samsung 960 EVO M.2-2280 500GB (PCIe) + 1TB Sandisk Ultra II SSD (SATA)
      • Graphics card(s):
      • Asus NVIDIA GeForce GTX 1070 OC
      • PSU:
      • Corsair CS550M 550W Hybrid
      • Case:
      • NZXT Source 340
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • 34" Asus Designo Curve MX34VQ UWQHD Monitor
      • Internet:
      • Virgin Media M350
    Why don't we just give the government a spare key to our homes so they can come and go as they please?!

  3. #3
    Senior Amoeba iranu's Avatar
    Join Date
    Oct 2003
    Location
    On the dinner table. Blechh!
    Posts
    3,535
    Thanks
    111
    Thanked
    156 times in 106 posts
    • iranu's system
      • Motherboard:
      • Asus Maximus Gene VI
      • CPU:
      • 4670K @4.3Ghz
      • Memory:
      • 8Gb Samsung Green
      • Storage:
      • 1x 256Gb Samsung 830 SSD 2x640gb HGST raid 0
      • Graphics card(s):
      • MSI R9 390
      • PSU:
      • Corsair HX620W Modular
      • Case:
      • Cooler Master Silencio 352
      • Operating System:
      • Win 7 ultimate 64 bit
      • Monitor(s):
      • 23" DELL Ultrasharp U2312HM
      • Internet:
      • 16mb broadband
    What is also so sinister about this is that this particular government is very good at producing legislation supposedly to help in the fight against terrorism then using those same laws to impede the freedoms and privacy of it's law abiding citizens.

    If the pc user is online, the relevant government agency, with that backdoor key could access all your files without you knowing about it. Wouldn't take much for a rogue employee of the government accessing all your password for your bank account, paypal account, credit card details and having a bit of fun at your expense.

    Whilst I understand that it is important for law agencies to be able to gather information I do not trust this government to put sufficient safeguards in the legislation to prevent abuse.
    "Reality is what it is, not what you want it to be." Frank Zappa. ----------- "The invisible and the non-existent look very much alike." Huang Po.----------- "A drowsy line of wasted time bathes my open mind", - Ride.

  4. #4
    Senior Member RVF500's Avatar
    Join Date
    Apr 2004
    Location
    Back in Sunny UK...and it is sunny too :D...pleasant surprise.
    Posts
    1,063
    Thanks
    0
    Thanked
    0 times in 0 posts
    if you want to use evidence on pc against someone then sieze the hardware and let your ubergeeks loose on it in a lab. Should crack it no problem. If you want to spy online against someone outside UK jurisdiction then either get the relevant order from the nation where the possible offender is or back off because you can't do anything anyway.

    The phrase Orwellian has been used to describe this govt. It's getting scarily truer day by day. Let's see how long it takes for someone to misuse the new anti-terror legislation. Stopwatches ready?
    "You want loyalty? ......get a dog!"

  5. #5
    Theoretical Element Spud1's Avatar
    Join Date
    Jul 2003
    Location
    North West
    Posts
    7,508
    Thanks
    336
    Thanked
    320 times in 255 posts
    • Spud1's system
      • Motherboard:
      • Gigabyte Aorus Master
      • CPU:
      • 9900k
      • Memory:
      • 16GB GSkill Trident Z
      • Storage:
      • Lots.
      • Graphics card(s):
      • RTX3090
      • PSU:
      • 750w
      • Case:
      • BeQuiet Dark Base Pro rev.2
      • Operating System:
      • Windows 10
      • Monitor(s):
      • Asus PG35VQ
      • Internet:
      • 910/100mb Fibre
    Quote Originally Posted by RVF500
    if you want to use evidence on pc against someone then sieze the hardware and let your ubergeeks loose on it in a lab. Should crack it no problem.
    Not true, some of the really strong encryption methods have massive keys that could take millions of years to brute force even with supercomputers. Ok so you could get lucky and hit within a year or so but it's unlikely. 10 years ago (probably less) and sure you could do it, but even a standard 8 letter alphanumeric password made of random digits/symbols can take days to get a hit brute forcing (dictionary attacks are no good unless it's a passphrase ). So imagine how long it would take for a passkey thats hundreds of characters long..not easy.
    Last edited by Spud1; 16-02-2006 at 04:48 PM.

  6. #6
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,168
    Thanks
    803
    Thanked
    2,152 times in 1,408 posts
    RVF500 it depends how clever the person has been, if they've been running with no page file, and used well designed encryption software then the experts can't do much.

    However, most "naughty" people aren't computer experts, and don't understand measures that are in place, a classic was a nonse who'd done a good job with his encrypted volume, he was one of the "know it all linux pushers" who had no understanding that a page file would actually retain a copy of the image (because the program he was using to view it had been, been cached, as such a decrypted version had been in the swap file, and paginated).

    The master key problem..... I would hate to be near that key is all i can say, think what preasures are put on people to get information, the value of the key, Billions. How many innocent people would someone kill to manipulate someone who has access to the key.
    throw new ArgumentException (String, String, Exception)

  7. #7
    Time for Walkies... Atomic's Avatar
    Join Date
    Apr 2004
    Location
    Norfolk, UK
    Posts
    1,959
    Thanks
    0
    Thanked
    0 times in 0 posts
    All that will happen if the gov get a backdoor is a thirdparty company in another country will provide a version without the backdoor and companies will use that...

  8. #8
    Senile Member
    Join Date
    Dec 2003
    Posts
    442
    Thanks
    3
    Thanked
    0 times in 0 posts
    Quote Originally Posted by Spud1
    So imagine how long it would take for a passkey thats hundreds of characters long..not easy.
    never mind that, how long would it take you to type in each time

    The problem with backdoors is what do you do when a "bad guy" gets hold of them.

  9. #9
    Senior Member
    Join Date
    Mar 2005
    Posts
    4,945
    Thanks
    171
    Thanked
    388 times in 315 posts
    • badass's system
      • Motherboard:
      • ASUS P8Z77-m pro
      • CPU:
      • Core i5 3570K
      • Memory:
      • 32GB
      • Storage:
      • 1TB Samsung 850 EVO, 2TB WD Green
      • Graphics card(s):
      • Radeon RX 580
      • PSU:
      • Corsair HX520W
      • Case:
      • Silverstone SG02-F
      • Operating System:
      • Windows 10 X64
      • Monitor(s):
      • Del U2311, LG226WTQ
      • Internet:
      • 80/20 FTTC
    Quote Originally Posted by Spud1
    Not true, some of the really strong encryption methods have massive keys that could take millions of years to brute force even with supercomputers. Ok so you could get lucky and hit within a year or so but it's unlikely. 10 years ago (probably less) and sure you could do it, but even a standard 8 letter alphanumeric password made of random digits/symbols can take days to get a hit brute forcing (dictionary attacks are no good unless it's a passphrase ). So imagine how long it would take for a passkey thats hundreds of characters long..not easy.
    You need to learn a little more about encryption before commenting
    The keys used to encrypt may be long, but where are those keys stored?
    On the HDD!
    But surely that means anyone can get them?
    Not so, as the keys are encrypted.
    Using what I hear you say?
    The users windows password. There is the weak link. You do a brute force or dictionary attack on the file that holds the key. (its stored in the crypto folder in the users profile)

    Another thing to bare in mind. I'll quote my little brother "Criminals aren't actually that smart. They still haven't learned to use gloves when burgling"
    "In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penises, taken Viagra and are looking for a new relationship."

  10. #10
    Photographer; for hire!! shiato storm's Avatar
    Join Date
    Aug 2003
    Location
    next door
    Posts
    6,977
    Thanks
    4
    Thanked
    6 times in 5 posts
    surely if a 'backdoor' was created someone would kick up a fuss its in breach of human rights or privacy or some such ideal and would find a way to stop it. there would be software hacks released that would stop any backdoor access too...probably released by some russians but used by all. in the end the gov. would see inside their small minded ideas that really its cr*p. just like their turn around on the no smoking bill...well, its still not going to happen for a good while though is it? this gov is rubbish, and they're screwing us over. hard.
    Powered by Marmite and Wet Dog
    Light Over Water Photography

  11. #11
    Theoretical Element Spud1's Avatar
    Join Date
    Jul 2003
    Location
    North West
    Posts
    7,508
    Thanks
    336
    Thanked
    320 times in 255 posts
    • Spud1's system
      • Motherboard:
      • Gigabyte Aorus Master
      • CPU:
      • 9900k
      • Memory:
      • 16GB GSkill Trident Z
      • Storage:
      • Lots.
      • Graphics card(s):
      • RTX3090
      • PSU:
      • 750w
      • Case:
      • BeQuiet Dark Base Pro rev.2
      • Operating System:
      • Windows 10
      • Monitor(s):
      • Asus PG35VQ
      • Internet:
      • 910/100mb Fibre
    fair point but isn't the sam file (assuming we are talking about the same thing here) also a pain in the ass to decrypt? I know that replacing it is easy enough, but I thought that actually obtaining the password from it was just as difficult requiring a long attack again..i'm probably wrong here and if so would be interested to know more

    got any links you can point me to?

    oh and the crimials thing? Criminals who get caught are not usually that smart no, but the clever ones don't get caught...
    Last edited by Spud1; 17-02-2006 at 01:49 PM.

  12. #12
    Laird Of The Glen jimborae's Avatar
    Join Date
    Oct 2003
    Location
    I come from a land of plenty......not
    Posts
    3,499
    Thanks
    263
    Thanked
    371 times in 304 posts
    • jimborae's system
      • Motherboard:
      • Gigabyte Aorus Z390 Pro
      • CPU:
      • Core i7 9700K@4.7Ghz
      • Memory:
      • Team Group DDR-3000 32Gig
      • Storage:
      • 1x Samsung 870 Evo 500Gb SSD, 1 x WD Red 4TB
      • Graphics card(s):
      • Gigabyte Radeon 5700XT watercooled
      • PSU:
      • XFX 850W Black Edition
      • Case:
      • Phantek Enthoo Prime
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • 2 xDell 24"
      • Internet:
      • PlusNet 70Mb
    Quote Originally Posted by badass
    You need to learn a little more about encryption before commenting
    The keys used to encrypt may be long, but where are those keys stored?
    On the HDD!
    But surely that means anyone can get them?
    Not so, as the keys are encrypted.
    Using what I hear you say?
    The users windows password. There is the weak link. You do a brute force or dictionary attack on the file that holds the key. (its stored in the crypto folder in the users profile)

    Another thing to bare in mind. I'll quote my little brother "Criminals aren't actually that smart. They still haven't learned to use gloves when burgling"

    Hmm well what about hard disk encryption software that you need authenticate yourself to before loading & logging onto Windows. e.g. Pointsec, which we use at work inconjunction with RSA tokens to authenticate. Surely then the Windows logon details are encrypted & the Pointsec password inconjunction with the rsa token should be strong enough. Plus brute force attack shouldn't work because you get locked out after 3 failed attempts.

  13. #13
    G4Z
    G4Z is offline
    I'dlikesomebuuuurgazzzzzz G4Z's Avatar
    Join Date
    Sep 2003
    Location
    geordieland
    Posts
    3,172
    Thanks
    225
    Thanked
    141 times in 93 posts
    • G4Z's system
      • Motherboard:
      • Gigabyte GA 965P-DS3
      • CPU:
      • Intel Core 2 Quad Q6600
      • Memory:
      • 4gb DDR2 5300
      • Storage:
      • 2.5Tb
      • Graphics card(s):
      • Gigabyte HD4870 512mb
      • PSU:
      • Tagan 470W
      • Case:
      • Thermaltake Tsunami Dream
      • Operating System:
      • Vista 64bit
      • Monitor(s):
      • Dual Acer 24" TFT's
      • Internet:
      • 16mb sky ADSL2
    Right, going to clarify a few technical issues here.

    Vista will be part of the Trusted computing scheme aka treacherous computing


    http://en.wikipedia.org/wiki/Trusted_computing


    The key will be stored on a chip on the board in hardware (encrypted with AES) and the idea is not so much that it will protect your files (although it will) its that the system can validate any software that runs. Part of this will be the implementation of DRM and I belive the whole thing will tie in with the new Blu Ray and HD-DVD formats.

    The idea being that if not every device in the chain supports the HDCP protocol (and another form of CSS on the disk) it will not allow it to be viewd at full res.
    Further it will have the funcionality to "brick" any blacklisted devices.

    So you compromise your key and use that to play copied media, your system phones home, keys dont match anymore or ther realise you tampered with it and bang, your shiny new mobo is a brick. The idea is that this will extend to Displays, DVD players, set top boxes... the works.

    A truely evil thing for more reasons than I stated, check out the wiki for more info.

    The govt wanting a backdoor seems entirely in line with everything else they have been doing, do you know that you can now be forced to hand over an encrytion key, if you dont you can be prosecuted?

    This is not really a shocker, and I would be surprised if they dont get a backdoor. I have been a windoze user for many years and Im seriously considering switching to Linux, the only thing holding me back is the games support.
    Last edited by G4Z; 17-02-2006 at 08:22 PM.
    HEXUS FOLDING TEAM It's EASY

  14. #14
    HEXUS.Metal Knoxville's Avatar
    Join Date
    Jul 2003
    Location
    Down In A Hole
    Posts
    9,388
    Thanks
    484
    Thanked
    442 times in 255 posts
    • Knoxville's system
      • Motherboard:
      • Intel X58
      • CPU:
      • Intel i7 920
      • Memory:
      • 2GB DDR3
      • Storage:
      • 1TB
      • Graphics card(s):
      • ATi HD3450
      • PSU:
      • Generic
      • Case:
      • Cheap and nasty
      • Operating System:
      • Vista 64
      • Monitor(s):
      • 24" LG LCD
      • Internet:
      • Virgin Media 20mb
    ridiculous tbh, the government already has the right to request the key to any encryption over 128bit for criminal investagations now, all this does is leave the average user more vunerable.

  15. #15
    Senior Member
    Join Date
    Mar 2005
    Posts
    4,945
    Thanks
    171
    Thanked
    388 times in 315 posts
    • badass's system
      • Motherboard:
      • ASUS P8Z77-m pro
      • CPU:
      • Core i5 3570K
      • Memory:
      • 32GB
      • Storage:
      • 1TB Samsung 850 EVO, 2TB WD Green
      • Graphics card(s):
      • Radeon RX 580
      • PSU:
      • Corsair HX520W
      • Case:
      • Silverstone SG02-F
      • Operating System:
      • Windows 10 X64
      • Monitor(s):
      • Del U2311, LG226WTQ
      • Internet:
      • 80/20 FTTC
    Quote Originally Posted by Spud1
    fair point but isn't the sam file (assuming we are talking about the same thing here) also a pain in the ass to decrypt? I know that replacing it is easy enough, but I thought that actually obtaining the password from it was just as difficult requiring a long attack again..i'm probably wrong here and if so would be interested to know more

    got any links you can point me to?

    oh and the crimials thing? Criminals who get caught are not usually that smart no, but the clever ones don't get caught...
    Technically the SAM file is undecryptable, but in reality it is. I dont know how they get around it TBH as in a standard config, the passwords aren't actually stored, a hash of the password is stored, and every time you type the password is typed in, what you type is hashed and windows compares the hashes. I guess to reverse engineer the password, they do a dicttionary style attaack by just hashing loads of words and somparing the hash to the one in the SAM.
    My point was that instead of trying a brute force attack on a 128 bit key, you are brute forcing the password - the weakest link and a lot easier then the key itself
    There was a really good article in PCW magazine a few years ago and it actually explained public key encryption back to first principles - complete with maths and everything. They managed to fit the guts of it on a 2 page spread. I dont have any links to hand but it might be worth giving www.howstuffworks.com a look and a google.

    Oh and point taken about the criminals.
    "In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penises, taken Viagra and are looking for a new relationship."

  16. #16
    Senior Member
    Join Date
    Mar 2005
    Posts
    4,945
    Thanks
    171
    Thanked
    388 times in 315 posts
    • badass's system
      • Motherboard:
      • ASUS P8Z77-m pro
      • CPU:
      • Core i5 3570K
      • Memory:
      • 32GB
      • Storage:
      • 1TB Samsung 850 EVO, 2TB WD Green
      • Graphics card(s):
      • Radeon RX 580
      • PSU:
      • Corsair HX520W
      • Case:
      • Silverstone SG02-F
      • Operating System:
      • Windows 10 X64
      • Monitor(s):
      • Del U2311, LG226WTQ
      • Internet:
      • 80/20 FTTC
    Quote Originally Posted by jimborae
    Hmm well what about hard disk encryption software that you need authenticate yourself to before loading & logging onto Windows. e.g. Pointsec, which we use at work inconjunction with RSA tokens to authenticate. Surely then the Windows logon details are encrypted & the Pointsec password inconjunction with the rsa token should be strong enough. Plus brute force attack shouldn't work because you get locked out after 3 failed attempts.
    Do you think they log onto the PC to try the passwords?
    They get the encrypted data off the HDD in its entirety and run their attacks on that using their own software. It doesn't matter if the software says you can only try 3 times, they dont use the original software so they can brute force it. Of course that does mean they have to break the HDD encryption and then the windows encryption but its still doable.
    "In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penises, taken Viagra and are looking for a new relationship."

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 63
    Last Post: 14-11-2011, 09:17 AM
  2. The future of OS/2 - Open source or not?
    By Steve in forum HEXUS News
    Replies: 11
    Last Post: 18-07-2009, 08:06 PM
  3. Windows - how to use it more securely
    By Paul Adams in forum Software
    Replies: 12
    Last Post: 07-02-2006, 04:18 PM
  4. ATI Catalyst 5.8 released
    By =TcQi= in forum Graphics Cards
    Replies: 17
    Last Post: 18-08-2005, 12:35 AM
  5. Windows XP Email?
    By joshwa in forum Software
    Replies: 9
    Last Post: 18-01-2004, 09:38 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •