Warning: Missing argument 2 for wpdb::prepare(), called in /home/stromber/public_html/kryptoblog/wp-content/plugins/wp-super-edit/wp-super-edit.core.class.php on line 109 and defined in /home/stromber/public_html/kryptoblog/wp-includes/wp-db.php on line 1222
Uppdaterade säkerhetsfunktioner med Vista SP1 » Kryptoblog

Uppdaterade säkerhetsfunktioner med Vista SP1

February 6th, 2008 by Joachim Strömbergson Leave a reply »

Magnus Lindkvist på Microsoft tipsar om en sida på Microsoft TechNet med information om releasekandidaten av Windows Vista SP1.

Tittar man på den sidan hittar man en hel del som har med IT-säkerhet, krypto etc att göra. Jag grävde ut några som jag tyckte verkade intressanta:

• Improves Windows Vista’s built-in file backup solution to include EFS encrypted files in the backup.

• Service Pack 1 includes supported APIs by which third-party security and malicious software detection applications can work alongside Kernel Patch Protection on 64-bit versions of Windows Vista. These APIs have been designed to help security and non-security ISVs develop software that extends the functionality of the Windows kernel on 64-bit systems, in a documented and supported manner, and without disabling or weakening the protection offered by Kernel Patch Protection.

• The cryptographic random number generation is improved to gather seed entropy from more sources, including a Trusted Platform Module (TPM) when available, and replaces the general purpose pseudo-random number generator (PRNG) with an AES-256 counter mode PRNG for both user and kernel mode.

• Improves BitLocker Drive Encryption by offering an additional multi-factor authentication method that combines a key protected by the TPM (Trusted Platform Module) with a Startup Key stored on a USB storage device and a user-generated Personal Identification Number (PIN).

• Adds support for new strong cryptographic algorithms used in IPsec. SHA-256, AES-GCM, and AES-GMAC for ESP and AH, ECDSA, SHA-256, and SHA-384 for IKE and AuthIP.

• Adds the NIST SP 800-90 Elliptical Curve Cryptography (ECC) pseudo-random number generator (PRNG) to the list of available PRNG in Windows Vista.

• Adds support for SSTP (Secure Sockets Tunnel Protocol), a remote access VPN tunneling protocol that will be part of Microsoft’s RRAS (Routing and Remote Access Service) platform. SSTP helps provide full-network VPN remote access connections over SSL, removing some of the VPN connectivity challenges that other VPN tunnels face traversing NAT, web proxies, and firewalls.

• Adds support for Windows Smartcard Framework to enable compliance with the EU Digital Signature Directive and National ID / eID.

• Adds support in the Wireless Client for a new FIPS (Federal Information Processing) compliant mode. This mode is FIPS 140-2 compliant because it moves the cryptographic processing from the wireless network card to an existing FIPS-approved cryptographic library.

• Enhances Windows Firewall and IPsec to use the new cryptographic algorithms that are Suite B compliant.

Bra att se att Microsoft försöker lösa tidigare rapporterade problem med sin PRNG. Dock verkar man fortfarande inte köra med Yarrow/Fortuna och det står inte hur den har testats. Samtidigt inkluderar alltså SP1 den NIST-specade PRNG som Microsofts egen kryptolog Niels Ferguson varnat för.

Överlag verkar det vara mycket uppdateringar för att följa standarder. På pappret ser det bra ut och ett steg framåt – nu gäller det bara att SP1 skall komma ut i verkligheten.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.


Leave a Reply

You must be logged in to post a comment.