Microsoft Announces 'Windows 10 China Government Edition', Lets Country Use Its Own Encryption (windows.com) 108
At an event in China on Tuesday, Microsoft announced yet another new version of Windows 10. Called Windows 10 China Government Edition, the new edition is meant to be used by the Chinese government and state-owned enterprises, ending a standoff over the operating system by meeting the government's requests for increased security and data control. In a blog post, Windows chief Terry Myerson writes: The Windows 10 China Government Edition is based on Windows 10 Enterprise Edition, which already includes many of the security, identity, deployment, and manageability features governments and enterprises need. The China Government Edition will use these manageability features to remove features that are not needed by Chinese government employees like OneDrive, to manage all telemetry and updates, and to enable the government to use its own encryption algorithms within its computer systems.
Business as usual (Score:1)
Doing business with totalitarian governments is all good as long as the money keeps pouring in.
Re: (Score:1)
Doing business with totalitarian governments is all good as long as the money keeps pouring in.
TFS says China, not the US.
Totalitarianism (Score:5, Insightful)
I have to remind you that "totalitarianism" is not a synonym for "a government I don't like", nor even "a government that does despicable things."
It is "a system of government that is centralized and dictatorial and requires complete subservience to the state."
The US does not (yet) assert total control over its citizens, although some political factions might like to go in that direction.
Re: (Score:1)
You need to step out of the basement, that is exactly how the US operates in several key areas: border intersections, airports, etc. You just don't want to acknowledge that fact.
Re: (Score:1)
If the scan-strip and physical groping of kids is "authorization", the US is doomed.
Re: (Score:3)
Re: (Score:3)
I am allowed to mock and ridicule the leader of my country in the US, it's practicaly my civic duty to do so. I don't know of any totalitarian governments that allow that sort of freedom.
Do not mistake a few totalitarian like facets to be the same as being in a totalitarian state.
Re: Totalitarianism (Score:1)
Re:Totalitarianism (Score:4, Interesting)
Interestingly, China used to be a totalitarian state but I think they've moved over into the authoritarian state category.
Re: (Score:1)
Governments evolve this way because at the end of the day it's not cost-effective for one group to control every aspect of everyone's life. e.g. if they're projecting their authority to control what you have for breakfast every day then that's a lot of paperwork for something which gains them very little power, in fact it drains the ruling party's resources.
Re: (Score:2)
Also it's hard to maintain totalitarian rule when you have a growing, politically significant middle class.
Re:Business as usual (Score:5, Interesting)
But who is the totalitarian government? China or the United States?
Being that the world is recovering for a wide spread ransom ware attack caused from an long time "unpatched flaw" used by the United States National Security Agency. It would make sense for a government such as China to try to protect its data with its own "security measures".
I am not being naive in not bringing up that China will probably have an encryption algorithm with a back door so the government can weed out subversives. However chances our our counties being the United States, United Kingdom, Canada, Germany, France... Are not agencies of good and riotous, but have a complex set of national needs to protect order.
While I am sure profit was Microsoft big factor, however there is also a general global self interests to make sure the world stays up to date in software. Being that Windows is so dominate world wide not caving in for this case, would mean China would use outdated hacked versions of Windows, with their spying happening anyways. At least with Microsoft having some control, the fact that the Chinese Windows 10 has Government Encryption will let subversives to know what not to use.
Re: (Score:3)
Encryption is not tied to any one country. If they switch from AES (which has no backdoors) to ANYTHING ELSE then it is by definition less secure. There is no security benefit from using their own encryption. Even a conspiracy theorist would admit that the chances of AES being broken by even the NSA is close to 0.
So this change by China is not about protecting itself from foreign governments but is completely about controlling information and allowing itself to spy on its citizens.
Re:Business as usual (Score:5, Insightful)
Also read about the first 6 rounds of AES which were "solved" by someone. If the first 6 rounds have been broken, the rest isn't far off.
Terrible leap of logic here. There are lots of things that are easy for the first few iterations and then grow exponentially in difficulty. Take this anecdote about Ramsey numbers for instance:
Erdos asks us to imagine an alien force, vastly more powerful than us, landing on Earth and demanding the value of R(5, 5) or they will destroy our planet. In that case, he claims, we should marshal all our computers and all our mathematicians and attempt to find the value. But suppose, instead, that they ask for R(6, 6). In that case, he believes, we should attempt to destroy the aliens.
Moreover, the attacks you are referencing are only theoretical attacks that reduce the complexity of breaking AES from 2^128 to 2^100, still far out of reach for existing technology. They also require a very cumbersome security model where the attacker gets to observer ciphertexts encrypted under several keys that are mathematically related to the target key. This does not happen in real life.
About this:
It was designed weak with a large keyspace that intentionally produces weak keys if selected at random. Only a small subset of the keyspace has strong security.
This is complete nonsense. No one has ever discovered weak keys in AES.
Re: (Score:2)
The backdoor in AES is the selection of strong keys.... Do not forget this.
Please identify a weak key or a structure for a weak key for AES that leads to a practical attack. I know of no such attack.
Re: (Score:1)
It can have both. The government ones will need a backdoor for the government to get in to monitor their employees, they could use the same thing on PCs shipped to citizens.
Re: (Score:3)
If they switch from AES (which has no backdoors) to ANYTHING ELSE then it is by definition less secure. There is no security benefit from using their own encryption.
This is the most preposterous and uninformed bullshit about cryptography I've heard for a long time. AES had fairly low security margins even at the time it was introduced, and it is easy to come up with a slower, but ostensibly more secure Feistel cipher provided you have some expertise in cryptography and cryptanalysis and are careful. AES has been developed as a replacement for 3DES, with speed and applications in finance and bank transactions in mind, not for high security demands. It makes a lot of se
Re: (Score:2)
Low security margin? Perhaps you care more about idealism than security. AES-256, as it stands with current methods, can't be feasibly broken within the lifetime of the sun with all of the energy contained within the sun. Just ask Bruce Schneier, whom, by any account, is more of a valid authority than butzwonker.
Lower. Jesus H. Read before you type. Also learn what security margin means with respect to block ciphers. It's difference between the number of rounds in the algorithm and the number of rounds broken in the best known attack. With AES it is absolutely lower than many other block ciphers.
Re:Business as usual (Score:4, Informative)
The Chinese block cipher is called SM4 [wikipedia.org] and its algorithm is publicly available. It is a pretty standard Feistel construction, if it is truly vulnerable then people will discover that and then everyone will know. That is how science works.
Re:Business as usual (Score:4, Informative)
What makes you think this is about AES and what makes you think the algorithms that China wants to use are not superior to the NIST options?
In the case of hashes, the Chinese options are simply better both in terms of resistance to known attacks and implementability and come courtesy of the professor who broke SHA-1, who is Chinese.
NIST fucked up royally with SHA3, putting it up to a popularity vote. The Europeans turned up at the meeting in strength and voted for the home team. It had nothing to do with the algorithm. Hence the adoption of SHA3 in hardware is going nowhere. We wanted a new hash, not a license to waste gates and power.
There was an interesting dynamic at ISO SC27 WG2 a couple of years ago, where the Chinese (literally, the proposals come from nation state delegates) hash proposal was presented, along with a proof of why all the SHA were fucked and why the new structure dealt with it. At the same meeting, the NSA were there presenting Simon and Speck block ciphers for adoption by ISO (which are superb ciphers from any way you look at it, far superior to AES or SMS4 in implementability and at least as secure in security). The crows were having none of it. All comments were of the form "You're the NSA and we don't trust you". Keep in mind the comments are coming from representatives of governments. not individuals. I am not a US citizen, but I was a US delegate.
China has a legitimate reason to dislike some of the NIST crypto options and legitimate reasons to prefer their own.
If this was open source people would be happy that you could use your own choice of crypto algorithms. Microsoft would be better off making the crypto plugable in windows for the rest of us, not just the Chinese government.
Re: (Score:2)
But who is the totalitarian government? China or the United States?
China.
Being that the world is recovering for a wide spread ransom ware attack caused from an long time "unpatched flaw" used by the United States National Security Agency. It would make sense for a government such as China to try to protect its data with its own "security measures".
That is indeed sensible, but it is unrelated to totalitarianism. The fact is that China is a totalitarian system.
Re: (Score:2)
It would make sense for a government such as China to try to protect its data with its own "security measures".
China should make its own operating system to their own spec, and no one can buy it, and no one can pay their engineers who worked on it, and they can suck it.
No one should be catering to their government's needs, it should be free to fall on its face.
Re: (Score:2)
But who is the totalitarian government? China or the United States?
Compared to China's recent past, neither. I suspect it doesn't matter, though, as you're probably ignorant of most actual human rights issues in the world, and are narrowly focused on the excesses of the NSA, CIA, and FBI versus how much each government actually tries to control its citizens' public and private lives.
Being that the world is recovering for a wide spread ransom ware attack caused from an long time "unpatched flaw" used by the United States National Security Agency. It would make sense for a government such as China to try to protect its data with its own "security measures".
This is also ignorant. The security flaw would still be there, for someone else to discover, if the NSA had not discovered it. It would also still be there if they had not informed MS so that i
Re: (Score:2)
But who is the totalitarian government? China or the United States?
China obviously, to suggest otherwise makes we weep for our future. You apparently have no understanding of Totalitarian means or your blind rage at the abuses of our government has cause you to loose perspective entirely. Totalitarianism is more about breadth of government than structure or power. In theory you can have totalitarian republic, in practice I am sure eventually people would get tired of it and no matter how propagandized would start to vote for people seeking to relax the rules. When tota
Re: (Score:2)
There is nothing "usual" in this. Windows telemetry is already the largest surveillance operation in the world, handing the keys over to the Chinese government will give them some very scary probing capabilities.
Re: (Score:2)
Re: chinese government (Score:3)
Re: chinese government (Score:4, Interesting)
> It's funny that people don't realize that
> MS's holds the master encryption key,
> which they'll happily share with whomever pays the most ... or any court that orders them to.
That said, Microsoft has UNQUESTIONABLY taken steps to limit the scope of any one court's or government's ability to compromise that master key by using it to encrypt sub-keys used to encrypt sub-sub-keys used to encrypt the *actual* key they'd have to reveal.
Example: a new installation of Windows generates a 256-bit salt (probably derived from the license key or GUID) & stores it locally, then communicates it to Microsoft (who also discerns the country). Microsoft computes the sha256 hash of that salt plus their own sub-sub-key, then repeats it a million times with the output of the previous hash in place of their sub-sub-key. They then communicate the final hash back to the newly-installed Windows, which securely stores a copy & uses IT as its master key going forward. If a future court demands the key, MS obtains the salt from the computer in question, re-derives the key, and shares THAT with the court. Salt unobtainable? Mathematically-impossible to re-derive the key in any sane amount of time. Key revealed? The court can now decrypt THAT computer, but no other. If push came to shove, Microsoft shares the sub-sub-key(s) for that jurisdiction plus the algorithm, and tells them to have fun.
The important point: the master key ITSELF is stored in pieces distributed across multiple jurisdictions, INCLUDING Russia and China... the likelihood that they'd ever act in union is approximately zero. So the US might be able to compel Microsoft to disclose their "US" sub-key(s), and the pieces of the master key that US courts can order the disclosure of, but it would NEVER be able to obtain the complete global master key.
It sounds like in this case, Microsoft has basically generated a new master key for the China-Government edition, delegated responsibility for its safeguarding to China, and washed its hands. It has no implications for non-Chinese users, unless you're using a pirated Chinese-Government copy (which, in all likelihood, will have so much malware added by whomever made the pirated copy available, the theoretical ability of China's government to decrypt it would be the LEAST of your real-world problems).
Re: (Score:2)
That's bad enough if it's MY computer.
Re: (Score:1)
You have literally no idea what you are talking about.
None of those words go together.
Re: chinese government (Score:2)
Encryption isn't an insurmountable barrier... it's just a speed bump. Hopefully, a really big one that can't easily be driven around... but a speed bump nonetheless.
Realistically, if you encrypt a 128-bit AES key using a 2048-bit RSA key and follow all current best practices for padding & implementation, you can feel 99.9% confident that an attacker with the resources of a state espionage agency won't be able to defeat it within 5 years... 99% confident they won't be able to defeat it within 10 years, a
Re: (Score:2)
How's that "alternative" in Win10?
Windows 10, as it should have been. (Score:5, Insightful)
Controlled updates, managing all telemetry, and rolling your own encryption? Where can I buy this magical product?!?
Re: (Score:2)
Re:Windows 10, as it should have been. (Score:4, Interesting)
Or we could just *snicker* pirate a Chinese version.
Oh the ironing!
Re: (Score:2)
Or just wait for the next windows update.
Can I have a copy. (Score:5, Funny)
"remove features that are not needed by Chinese government employees like OneDrive, to manage all telemetry and updates"
Excellent! Where can I get a copy?
Re: (Score:1)
Me too. This is exactly the Windows I've been wanting for years. Does MS even realize what a market there is for this in the US?
Re:Can I have a copy. (Score:4, Insightful)
Sure they do, but the market for your data is much better. Also, people bitch a lot but they keep buying Windows, so why would Microsoft care what their users think?
Re: (Score:2)
Got to Linux? Check.
Program needs Windows to run? Does it run in $old_version? If yes, install $old_version in VM. Seal it against network so the fact you're using $old_version of Windows doesn't cause a security problem.
Problem solved.
Re: Can I have a copy. (Score:2)
Want to buy party membership?
Re: (Score:2)
There may be hope for the rest of the world. If Microsoft puts in the necessary work to remove all that stuff and keep the OS working, chances are there will be some way to enable the enhancements on other versions too.
Enable The Government To Use Its Own Encryption (Score:2)
"enable the government to use its own encryption algorithms"
Re:Enable The Government To Use Its Own Encryption (Score:5, Interesting)
"enable the government to use its own encryption algorithms"
This would either imply one of two things (or both):
1. The Chinese Government wants to install encryption backdoors in its own systems, to prevent employees from keeping secrets from it.
2. The Chinese Government is worried that the US government has installed encryption backdoors in the standard algorithms and wants to enable its employees to keep secrets from the US government
Re: Enable The Government To Use Its Own Encryptio (Score:3, Interesting)
Could be both.
Fear of US back doors, wants Chinese back doors.
I suspect though that it will end up being less secure wither way. Less tested for attack however they implement it.
Re: (Score:2)
How long will it be before someone in the current US government asks for a "Freedom Edition" requiring NSA-provided encryption, I wonder?
Maybe it would just mandate use of a particular elliptical curve algorithm...
Torrent? (Score:2)
It should be easier to determine what Chinese servers to block at the firewall than to play Microsoft's game of obfuscating where the telemetry data is being sent to.
Meanwhile (Score:5, Insightful)
this should be a clear message to ALL of us (Score:5, Insightful)
People may brush this off in the USA but countries in other countries potentially doing international business, scientific research, or many other things may not their information going to a foreign power. We weren't exactly thrilled when NASA emails wound up being copied to China with a simple DNS availability message boost (we have since corrected, THAT was scary). Windows 10 is and has always been a trojan in it's very conception and we all need to say "No". Windows 7 or Linux, possibly Apple (but I'm not sure I trust them with their iron grip policies particularly on their Iphones) are perfectly user friend/usable solutions.
Those In the Medical profession, I know many hospitals/doctors are stuck with Windows-only drivers/software packages but the medical industry is going to have to make some serious choices: either publicly tell the world their information will go the US Government/Microsoft (for possibly sale) or the medical community will have to demand drivers//software versions that are Linux or Mac compatible. Some are staying on Widows 7 for this reason, but MS had is trying to pressure everyone to go to Windows 10 either by withholding critical updates (they did patch XP for the NSA contributed ransomware so clearly some mandates there) or possibly through other means. (remember, they did start by force feeding which got a public stick) There could even be legal implications for lawyers and medical professions that could be violated here. Hopefully we'll start getting the message soon. It's becoming a not so brave new world.
Re: (Score:3)
Fixed headline (Score:1)
Re: (Score:3)
The difference to the version everyone else is using is the "China" part, I get it?
NSAKEY (Score:1)
Does it still contain NSAKEY [wikipedia.org]?
what about Windows EU edition? (Score:1)
I wonder what happened to the EU version with that window thing that let you get another browser, or that other EU version without the media player (rofl).
trump should remove there H1B's from china for thi (Score:2)
Trump should remove there H1B's from china for this. This IS THE USA WE DO NOT BOW TO RED CHINA!!!
Possible +/- side-effects of special version (Score:1)
Assuming that it will have a specific version identifier, this could have the side-effect of clearly identifying Chinese government computers, marking them as prime targets for their foes, but conversely also eliminating the risk of friendly-fire.
Huh... (Score:2)
Man, the chinese government just gets all the good things.... wait what?
Nothing to see here folks, move along (Score:1)
M$ has done anything the CPC has asked of them.
Yet, the CPC does nothing about software piracy so M$ continues to lose revenue.
“Compromise is a stalling between two fools.” - Stephen Fry
Can you imagine (Score:2)
The backdoors this software is going to have?