If You Use Windows 10, Microsoft May Have Your Encryption Key
Here’s something that is likely to get the attention of Windows 10 users. If you log in to Windows 10 using your Microsoft account, your computer automatically uploads a copy of your recovery key to Microsoft’s servers, as disk encryption is turned on by default. Here’s what the article says:
The fact that new Windows devices require users to backup their recovery key on Microsoft’s servers is remarkably similar to a key escrow system, but with an important difference. Users can choose to delete recovery keys from their Microsoft accounts – something that people never had the option to do with the Clipper chip system. But they can only delete it after they’ve already uploaded it to the cloud.
As soon as your recovery key leaves your computer, you have no way of knowing its fate. A hacker could have already hacked your Microsoft account and can make a copy of your recovery key before you have time to delete it. Or Microsoft itself could get hacked, or could have hired a rogue employee with access to user data. Or a law enforcement or spy agency could send Microsoft a request for all data in your account, which would legally compel them to hand over your recovery key, which they could do even if the first thing you do after setting up your computer is delete it.
As [Matthew] Green [professor of cryptography at Johns Hopkins University] puts it, “Your computer is now only as secure as that database of keys held by Microsoft, which means it may be vulnerable to hackers, foreign governments, and people who can extort Microsoft employees.”
How delightful. At least with FileVault on my Mac, I get the choice as to how that encryption key is stored. I’m guessing that Microsoft had the best of intentions when they came up with this scheme. But their execution wasn’t all that good.
Now if you’re the paranoid sort, the article does have instructions on how to delete the encryption key. But I’ll point a couple of things out here. First, you need to make sure you have a copy of this key that is stored someplace else. That way if you need it, you can use it to get access to your data. Second, even though Microsoft promises deletion of this key instantly, who knows if that is true, or if someone has already copied the key? And that’s the crux of this. If you’re the paranoid sort, you don’t want this key outside of your control. You’d also like to know if it could possibly leave your control.
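To make the "keep a copy someplace else" step concrete, here is an added PowerShell example (not from the article or from Microsoft) that lists how each encrypted volume can be unlocked and writes any recovery password to a location you control. It assumes an elevated prompt, that the BitLocker PowerShell module is available on your edition of Windows, and that `E:\bitlocker-recovery` (a made-up path) is a removable drive you keep offline.

```powershell
# Added example: audit BitLocker key protectors and keep a local copy of
# each recovery password. $BackupDir is an assumed path; change it.
$BackupDir = 'E:\bitlocker-recovery'

if (-not (Test-Path -LiteralPath $BackupDir)) {
    New-Item -ItemType Directory -Path $BackupDir | Out-Null
}

foreach ($vol in Get-BitLockerVolume) {
    # Each key protector is one way the volume can be unlocked.
    $types = ($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ','
    "{0}  protection={1}  protectors={2}" -f $vol.MountPoint, $vol.ProtectionStatus, $types

    # The recovery password is the protector that gets uploaded as the "recovery key".
    $recovery = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    if ($recovery.Count -eq 0) {
        "  no recovery password protector on this volume"
        continue
    }

    foreach ($kp in $recovery) {
        # Name the file after the volume and protector ID so the copy can be
        # matched to the right key later.
        $name = "{0}_{1}.txt" -f ($vol.MountPoint -replace '[:\\]', ''),
                                 $kp.KeyProtectorId.Trim('{}')
        $file = Join-Path $BackupDir $name
        @(
            "Computer:     $env:COMPUTERNAME"
            "Volume:       $($vol.MountPoint)"
            "Protector ID: $($kp.KeyProtectorId)"
            "Recovery key: $($kp.RecoveryPassword)"
        ) | Set-Content -LiteralPath $file -Encoding ASCII
        "  saved recovery password $($kp.KeyProtectorId) to $file"
    }
}
```

The protector ID in each file identifies which recovery password it holds, so you can tell whether a copy held anywhere else refers to the same key.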
One final point. The problem with a Microsoft account is that your computer now answers to Microsoft’s authentication servers, which means they ultimately hold the keys to unlocking your computer. In scenarios such as the above, or a government request, or social engineering, practically anybody could unlock your computer. Does using a Microsoft account for your computer sound like a good idea?
This entry was posted on December 29, 2015 at 10:47 am and is filed under Commentary.