[52273] in Cypherpunks
Re: M$ CryptoAPI Question
daemon@ATHENA.MIT.EDU (Rich Graves)
Mon Mar 18 03:04:23 1996
Date: Mon, 18 Mar 1996 00:02:16 -0800 (PST)
From: Rich Graves <llurch@networking.stanford.edu>
To: cypherpunks@toad.com
In-Reply-To: <199603180605.WAA22290@dns1.noc.best.net>
On Sun, 17 Mar 1996 jamesd@echeque.com wrote:
> At 06:27 PM 3/17/96 EST, Dr. Dimitri Vulis wrote:
> > I wonder if it's worth it to crack their approval mechanism so we can
> > add our own crypto subsystems without asking Microsoft's approval.
[...]
> Wait until Microsoft makes some oppressive decisions,
> or is compelled to make some oppressive decisions.]
>
> I do not expect that any cracking will be needed. Microsoft
> will approve a freeware module for use in America, and then,
> alas alas, someone will leak it.
If the only goal is to allow international strong crypto using the
CryptoAPI, then I agree with the above. However, exploring the CryptoAPI
internals now, while there is still a possibility that they can be
changed, is a productive undertaking to the extent that it exposes holes.
If the good guys can find a way to plug an unapproved international
strong-crypto module into the CryptoAPI, then the bad guys can find a way
plug in a no-crypto virus or trojan horse.
-rich@c2.org
http://www.c2.org/hackmsoft/ and other cool stuff
