It has been discovered that Microsoft has decided to include a random number generator in Vista's Service Pack 1 that has a known flaw.

Known as *Dual_EC_DRBG*, this algorithm utilizes a set of constants based on elliptical mathematics in order to seed a second set of numbers. This means that the second set of numbers is based off of the first set of constants. Thus, anyone who possesses the set of constants could theoretically determine the next number the generator would spit out, creating a security risk.

What's even stranger is that Microsoft has also included the *CTR_DBG* algorithm, widely-considered more full-proof, set as the default generator. Thus, developers would need to make a conscious effort to use the flawed algorithm. This begs to question why Microsoft included the *Dual_EC_DRBG* algorithm in the first place.

Is Microsoft so far gone that they are including things for absolutely no reason at all? Or does this algorithm have some hidden function?

Discuss in our **Forums**