23

Microsoft employee Raymond Chen says that an encrypted copy of Microsoft Bob is included on the Windows XP CD to take up space.

But Windows XP doesn't take up the entire CD; there is a lot of free space remaining.

Is the story true?

Sklivvz
  • 10
    According to the article, the copy of Bob was not to "take up the entire CD", but to create "ballast data" for the Windows Installer to verify. – Dour High Arch Dec 16 '12 at 04:51
  • 12
    Given the source, I'd say this is probably true. – Arkady Jan 24 '13 at 14:02
  • 4
    ...yet unverifiable. A disk image, encrypted, is (should be) undistinguishable from random noise. Therefore, unless the (unknown) passphrase somehow surfaces (improbable), there is no useful way to verify this. – Piskvor left the building Mar 13 '15 at 16:07
  • 1
    *«A disk image, encrypted, is (should be) undistinguishable from random noise.»* not necessarily, given that commonly used encryption algos of the era were later discovered to be susceptible to cryptanalysis. – vartec Mar 16 '15 at 21:41
  • Looking at the article, it should likely be in a file.... (Or at least in something that would be kept in a CD image - you can make an image of the CD and find areas not referenced by the filesystem....) – Gert van den Berg Apr 17 '18 at 08:17
  • @vartec, the commonly-used file encryption algorithm of the time was 3DES, which has no known practical attacks. Of the other ciphers in use, Blowfish has a weakness that requires at least 4GB of data (more than will fit on a CD), and IDEA has a weakness that is impossible to use in practice. Others (eg. RC5) are still unbroken, or were known to be weak and thus generally unused (eg. plain DES). – Mark Oct 05 '21 at 02:03
  • @Mark first of all 3DES is susceptible to cryptanalysis, 168-bit key only provides 80-bits of actual security. Mind you that we're not talking about decrypting the whole thing, just verifying or not if it's random noise or files, which are at least partially known. Besides highly unlikely they've used proper encryption, rather than some crappy content scrambling. – vartec Oct 05 '21 at 23:33
  • 2
    @vartec, 3DES with 168-bit keys provides 112 bits of security; it's only the two-key variant (112-bit keys) that only provides 80 bits of security. All cryptanalytic attacks on DES and 3DES require enormous numbers of chosen or known plaintexts, a situation that doesn't apply here. There's no known attack that will let you inspect a single set of data and decide if it's a collection of random numbers or a DES/3DES-encrypted message. – Mark Oct 06 '21 at 00:06
  • 1
    I have several original XP CDs, what method would be preferable in proving or disproving this, how would I demonstrate it to the standard required for an answer if it's my original research (If this is even possible). – Aaargh Zombies Nov 27 '22 at 12:41
  • 1
    One Dave Plummer, former Microsoft employee, openly "admits" to have administered the whole process on his YouTube channel - https://www.youtube.com/watch?v=rXHu9OmLd8Y – doppelfish Aug 04 '23 at 19:52

1 Answer

4

This is very likely to be true

This story is verified by the programmer, Dave Plummer, who included the encrypted copy of Bob on the XP installer. He talks about it in a video on his YouTube channel here. According to him, he needed a large blob of uncompressible data that he could be sure that the company had the legal rights to. Since Microsoft at the time of Bob was distributed by floppy disc, they put a great deal of effort into compressing installers as much as possible; this seemed to him to be a sensible source of such data. And he thought it was funny. He then encrypted the code through several encryption programs before using it and putting it on the XP installation CD.

But impossible to verify

After encryption that data is indistinguishable from random noise, so the only way to verify this would be to unencrypt Microsoft Bob from an XP installation CD. However, as Dave Plummer states that he has lost the passwords used for encryption, this is not possible.

Jack Aidley
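The indistinguishability point made in the answer and comments above can be checked with byte-level statistics. The following is an added example, not part of the original post or of anything Microsoft shipped: it compares entropy and a chi-square uniformity score for constructed plaintext, its compressed form, the compressed form after encryption, and OS random bytes. `toy_encrypt` is a stand-in (SHA-256 in counter mode), not the unknown programs used on the CD, and all names and sample data are hypothetical.

```python
import hashlib
import math
import os
import zlib
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (max 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def chi_square(data: bytes) -> float:
    """Chi-square statistic against a uniform byte distribution (255 degrees
    of freedom): uniform data scores near 255, structured data far higher."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts[b] - expected) ** 2 / expected for b in range(256))

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a SHA-256 counter-mode keystream."""
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def build_samples(records: int = 40000) -> dict:
    # Constructed input: repetitive installer-style records, not real CD data.
    plain = b"".join(b"FILE%06d.DAT size=%d attr=archive\r\n" % (i, i * 37)
                     for i in range(records))
    packed = zlib.compress(plain, 9)
    return {
        "plaintext": plain,
        "compressed": packed,
        "compressed+encrypted": toy_encrypt(b"constructed key", packed),
        "random reference": os.urandom(len(packed)),
    }

def measure(samples: dict) -> dict:
    """Map each sample name to (entropy, chi-square)."""
    return {name: (entropy(d), chi_square(d)) for name, d in samples.items()}

if __name__ == "__main__":
    for name, (h, chi2) in measure(build_samples()).items():
        print(f"{name:22s} entropy={h:.4f} bits/byte  chi2={chi2:10.1f}")
```

A blob that scores like the random reference shows only that its bytes look uniform; the statistics say nothing about what, if anything, is underneath the encryption.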