Windows 8/NSA backdoor


    Article here. Apparently the Germans have been dissecting Windows, hmm.

    #2
    Originally posted by tek_heretik
    Article here. Apparently the Germans have been dissecting Windows, hmm.
    Another so-called article with no real proof. If they really found something, show it. Show the code and/or exploit. People have been saying this for years, since the so-called "NSA_KEY" was found in Windows registry. If there truly is a backdoor, and they found it, then anyone should be able to access it.



      #3
      Originally posted by Warped Trekker
      Another so-called article with no real proof. If they really found something, show it. Show the code and/or exploit. People have been saying this for years, since the so-called "NSA_KEY" was found in Windows registry. If there truly is a backdoor, and they found it, then anyone should be able to access it.
      You make a good point but I like posting speculative links about security flaws in Goliath, Linux being David, lol. It's all good.

      On the flipside, publishing accusations like that can get one heavily sued, have they been? Any proof?
      Last edited by tek_heretik; Oct 26, 2013, 03:12 PM. Reason: Added question



        #4
        Originally posted by tek_heretik
        Article here. Apparently the Germans have been dissecting Windows, hmm.
        That article is pure, unadulterated, steamy bullsh1t of the highest o(r)d{o|e}r, and the original German article isn't much better. First, it contains basic reporting errors. There is no such feature called "Trusted Computing" in Windows 8. Many computers today include a hardware feature known as a Trusted Platform Module. A TPM is a chip on the motherboard whose only function is to store cryptographic secrets. The TPM is designed according to open specifications published by the Trusted Computing Group.

        A TPM module can be used by the operating system to perform code validation during boot. If at any point in time a validation sequence fails, the computer immediately halts. For scenarios in which there is real risk of malicious OS tampering, a TPM offers effective protection. Both Windows 7 and Windows 8 support this function.

        The TPM's cryptographic secret storage feature can be used in other ways, too. BitLocker, also present in Windows 7 and 8, can store volume encryption keys in the TPM. This ensures that the decryption keys are released only after a valid operating system loads, and also guards against attempts to boot or otherwise read a system's hard drive in some other system. Linux can also use TPM (see tpm-tools, libtpm, libtsp, trousers).

        The following diagram illustrates, at a high level, how OS validation works:



        Oh, wait, what's that? A Google Chromebook? Why, yes, indeed it is! Not a hint of Windows anywhere. Out of the box, a Chromebook uses TPM to protect the operating system from tampering. TPM is platform-neutral.

        Here's an example of what a TPM looks like. Note that it's designed to be soldered directly to the motherboard, which is one of many tamper-proof features the chip includes:



        Oh, wait, who's the manufacturer? Infineon, a fscking German company, who just happens to be the largest supplier of TPM chips.
        Last edited by SteveRiley; Oct 26, 2013, 05:33 PM.
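
The boot validation and key release described in the post above can be modelled as a hash chain plus a sealed secret. This is an added example, not part of the original post and not a real TPM API: `ToyTPM`, the SHA-256 register and the sample boot stages are assumptions made for illustration.

```python
import hashlib
import hmac

def extend(pcr: bytes, component: bytes) -> bytes:
    """Extend a measurement register: new value = H(old value || H(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(stages) -> bytes:
    """Measure every boot stage, in order, starting from an all-zero register."""
    pcr = bytes(32)
    for stage in stages:
        pcr = extend(pcr, stage)
    return pcr

class ToyTPM:
    """Simplified model of sealing: a secret bound to one expected register value."""

    def __init__(self) -> None:
        self._secret = None
        self._policy = None

    def seal(self, secret: bytes, expected_pcr: bytes) -> None:
        self._secret, self._policy = secret, expected_pcr

    def unseal(self, current_pcr: bytes):
        """Release the secret only if the measured boot chain matches the policy."""
        if self._policy is None or not hmac.compare_digest(current_pcr, self._policy):
            return None
        return self._secret

# Constructed sample boot chains (stand-ins for real firmware, loader and kernel images).
GOOD_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel v1"]
TAMPERED_CHAIN = [b"firmware v1", b"bootloader v1 + implant", b"kernel v1"]

def demo() -> dict:
    tpm = ToyTPM()
    tpm.seal(b"volume-encryption-key", measure_boot(GOOD_CHAIN))
    return {
        "good": tpm.unseal(measure_boot(GOOD_CHAIN)),
        "tampered": tpm.unseal(measure_boot(TAMPERED_CHAIN)),
        "reordered": tpm.unseal(measure_boot(GOOD_CHAIN[::-1])),
    }

if __name__ == "__main__":
    print(demo())
```

Because each stage is folded into the running hash, a change to any stage or to the order of stages yields a different final value, and the sealed key stays locked.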



          #5
          @Steve...thanks for the clarification, heh, from now on, I won't be so quick to post cheesy links, after all, Microsoft does a great job at sending us disgruntled users all on their own, they really don't need my help, lol.
          Last edited by tek_heretik; Oct 26, 2013, 06:21 PM. Reason: Added a chuckle ;)



            #6
            Steve just demonstrated why his presence on this forum is so valuable. No one dislikes Microsoft's marketing and competitive tactics, and its lack of ethics, more than I do, but Steve's knowledge of Windows and his 9 years (or was it 11 ?) experience working for Microsoft allows him to separate MS crap from crap about MS and Windows. While I personally don't like Windows (or Mac as far as that goes) there are times when one must use the OS regardless. My experience with the forum in the past is that it is NOT anti-Windows. Folks who use Windows aren't criticized for asking Windows related questions here. After all, we were all Windows users at one time, whether we liked it or not!

            I've heard of the "NSA Keys" years ago, and tended to believe that those two 16bit addresses were NSA back doors, but by all accounts from folks who know they are not. However, there is no doubt that Microsoft got a patent for "Legal Intercept", a software spy program, and that after they bought Skype they moved the "supernodes" to a server (Linux?) farm. Now, however, there are accusations that "Legal Intercept" is installed on servers in the Skype server farm and allows Microsoft and anyone they allow to eavesdrop on Skype conversations. Skype officials deny this but, IMO, there is too much info about NSA snooping to give serious consideration to the denial.


            This
            "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
            – John F. Kennedy, February 26, 1962.



              #7
              Originally posted by tek_heretik
              Microsoft does a great job at sending us disgruntled users all on their own
              I certainly cannot argue with this. In fact, it's largely why I'm here



                #8
                Originally posted by GreyGeek
                Steve just demonstrated why his presence on this forum is so valuable. No one dislikes Microsoft's marketing and competitive tactics, and its lack of ethics, more than I do, but Steve's knowledge of Windows and his 9 years (or was it 11 ?) experience working for Microsoft allows him to separate MS crap from crap about MS and Windows.
                Thank you for the kind words, Jerry. (It was 11.)

                Originally posted by GreyGeek
                I've heard of the "NSA Keys" years ago, and tended to believe that those two 16bit addresses were NSA back doors, but by all accounts from folks who know they are not.
                You are referring to a variable in the source code called _NSAKEY, which contained a 1024-bit public key. NT 4.0 included two signing keys: one stored in _KEY and the other in _NSAKEY. Both belonged to Microsoft, and only to Microsoft. At the time, the NSA set regulations with respect to cryptography. We named the variable _NSAKEY because it contained a key that complied with NSA regulations. The only reason this ever came to light is because we forgot to remove the debugging symbols -- which contain variable names -- in the crypto driver DLL when we released NT 4.0 service pack 5.

                Two facts should disabuse you of any conspiracy theory. First, we never actually signed any code with _NSAKEY -- even the export versions of NT 4.0 used only _KEY. Second, a bug in crypto_verify() allowed replacing the value of _NSAKEY with any arbitrary key of your choice. Yes, sometimes bugs work out in your favor, heh. The Wikipedia article summarizes the situation quite well. I personally know Richard Purcell and Scott Culp; they are gentlemen of outstanding character and I trust them. (Richard has left Microsoft; Scott is still there.)
                Last edited by SteveRiley; Oct 26, 2013, 09:31 PM. Reason: Fixed statement about Scott.



                  #9
                  Regardless, key or no key, why should we trust an OS that nobody except select developers have the right to see the code (under severe threat if disclosed, correct me if I am wrong Steve), this has been the bane of many users' existence. I can scrutinize literally every bit (pun definitely intended) of Linux and the software that runs in/on it.



                    #10
                    Originally posted by tek_heretik
                    Regardless, key or no key, why should we trust an OS that nobody except select developers have the right to see the code (under severe threat if disclosed, correct me if I am wrong Steve)
                    https://www.microsoft.com/en-us/shar...e/default.aspx

                    Originally posted by tek_heretik
                    I can scrutinize literally every bit (pun definitely intended) of Linux and the software that runs in/on it.
                    Unless you have actually taken the time to do this yourself, personally, then your argument falls apart.



                      #11
                      Originally posted by SteveRiley
                      https://www.microsoft.com/en-us/shar...e/default.aspx


                      Unless you have actually taken the time to do this yourself, personally, then your argument falls apart.
                      I didn't see the link for the average domestic user to view the code, am I missing something?

                      As for scrutinizing Linux code, that's exactly the point, I can if I want to.
                      Last edited by tek_heretik; Oct 26, 2013, 08:28 PM. Reason: Added point



                        #12
                        Please tell me how you have:

                        1. Provably verified that https://github.com/torvalds/linux/bl.../aes_generic.c and https://github.com/torvalds/linux/bl...86_64-asm_64.S constitute a complete implementation of Rijndael and only Rijndael, the algorithm used in AES

                        2. Ensured that /lib/modules/$(uname -r)/kernel/arch/x86/crypto/aes-x86_64.ko on your machine has been built from the aforementioned provably verified source



                          #13
                          It's common for people to assert that Windows contains a backdoor, but I've had a look online in the past and haven't found any evidence.

                          If there WAS a backdoor, and good reason to suspect that there was, then I'm sure part of the problem would be having enough evidence to absolutely prove it without Microsoft's lawyers destroying you. If there were governments with access to the backdoor then they would have an interest in covering it up, too. So, annoyingly, absence of evidence isn't evidence of absence!

                          So, what I'm trying to say is I completely understand why people think that there might be. Is it all just Chinese whispers? Was there an original observation that created the reasonable doubt in the first place, or did someone just assert that a backdoor existed, which got the ball rolling?

                          Personally, I'm careful not to say that there IS a backdoor in Windows, only that there might be. Then again, there might be one in Linux, even though I think it's far less likely.

                          Feathers
                          samhobbs.co.uk



                            #14
                            Let's see....
                            aes.h calls crypto.h which calls aes-generic.c and compiles to the desired kernel module. It contains:
                            Code:
                            extern const u32 crypto_ft_tab[4][256];
                            extern const u32 crypto_fl_tab[4][256];
                            extern const u32 crypto_it_tab[4][256];
                            extern const u32 crypto_il_tab[4][256];
                            which calls the external constants which comprise the heart of the FIPS-197 algorithm.
                            Those constants are supplied by aes_generic.c. For example, line 329 shows the beginning of the substitution matrix:
                            Code:
                            __visible const u32 crypto_fl_tab[4][256] = {
                                    {
                                            0x00000063, 0x0000007c, 0x00000077, 0x0000007b,
                                            0x000000f2, 0x0000006b, 0x0000006f, 0x000000c5,
                                            0x00000030, 0x00000001, 0x00000067, 0x0000002b,
                                            ........
                            FIPS-197, about half way down, shows that substitution matrix as:
                            Figure 7. S-box: substitution values for the byte xy (in hexadecimal format).
                            In that matrix shown in Figure 7 are the exact same hexadecimal numbers shown in aes_generic.c (I would cut & paste them but that process doesn't work well for that document).

                            As FIPS-197 explains, those hexadecimal numbers convert to binary numbers. The "1"s in the binary number indicate which of the terms of a 7th power polynomial is selected to XOR in order to create the substitution matrix used in the calculation. The equations of the calculation are the same.

                            All that needs to be done is to download the Linux source for the kernel being used, compile it, and compare the compiled ko file with the one supplied. I'd wager that they'd match 100%.
                            "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                            – John F. Kennedy, February 26, 1962.
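
The table comparison described in the post above can be done without reading Figure 7 by eye: the S-box can be derived from its FIPS-197 definition (multiplicative inverse in GF(2^8), then the affine transform) and checked against the table words. This is an added example, not part of the original post or the kernel source; `QUOTED_FL_TAB` holds only the twelve words quoted in the post, and the function names are made up for illustration.

```python
def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11b)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return result

def gf_inv(a: int) -> int:
    """Multiplicative inverse computed as a^254; FIPS-197 maps 0 to 0."""
    if a == 0:
        return 0
    result = 1
    for _ in range(254):
        result = gf_mul(result, a)
    return result

def rotl8(x: int, n: int) -> int:
    return ((x << n) | (x >> (8 - n))) & 0xFF

def sbox_entry(x: int) -> int:
    """Affine transform over the inverse, with the constant 0x63."""
    b = gf_inv(x)
    return b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63

SBOX = [sbox_entry(x) for x in range(256)]

# The first twelve words of crypto_fl_tab[0] as quoted in the post.
QUOTED_FL_TAB = [
    0x00000063, 0x0000007C, 0x00000077, 0x0000007B,
    0x000000F2, 0x0000006B, 0x0000006F, 0x000000C5,
    0x00000030, 0x00000001, 0x00000067, 0x0000002B,
]

def mismatches(words, start: int = 0):
    """Return (index, table_word, expected) for every word that differs from the S-box."""
    return [(start + i, w, SBOX[start + i])
            for i, w in enumerate(words) if w != SBOX[start + i]]

def is_permutation() -> bool:
    """A valid S-box maps the 256 byte values one-to-one."""
    return sorted(SBOX) == list(range(256))

if __name__ == "__main__":
    print("mismatches:", mismatches(QUOTED_FL_TAB), "bijective:", is_permutation())
```

An empty mismatch list means the quoted words agree with the derived S-box; any altered entry is reported with its index and the expected value.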



                              #15
                              Does Windows contain a back door? Can you access and read the source code for Windows?

                              In light of what is going on with all the spying and that Microsoft is a BIG technology corporation, who gives a lot of money to the government and pays no taxes who thinks they have the right to tell you how you can use your computer, and you have questions whether or not Microsoft would work with a spy agency and ignore the rights of the people? Follow the money!!!!
                              Rob
