[52284] in Cypherpunks


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: M$ CryptoAPI Question

daemon@ATHENA.MIT.EDU (geeman@best.com)
Mon Mar 18 12:02:01 1996

Date: Mon, 18 Mar 1996 08:24:31 -0800
From: geeman@best.com
To: Rich Graves <llurch@networking.stanford.edu>
Cc: cypherpunks@toad.com

At 12:02 AM 3/18/96 -0800, you wrote:
>
>If the good guys can find a way to plug an unapproved international
>strong-crypto module into the CryptoAPI, then the bad guys can find a way
>plug in a no-crypto virus or trojan horse. 
>

You want to prove:
(A)
IF you CAN plug in an unapproved module
THEN you CAN plug in a trojan/virus.

That doesn't mean, however, that:
(B)
IF you can't plug in an unapproved module
THEN you can't plug in a trojan/virus.

The subversion mechanisms would just not use the standard API.  
So what have you really proved if you can prove (A)?

>-rich@c2.org
> http://www.c2.org/hackmsoft/ and other cool stuff
>
>


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[52284] in Cypherpunks

Re: M$ CryptoAPI Question

daemon@ATHENA.MIT.EDU (geeman@best.com)Mon Mar 18 12:02:01 1996

daemon@ATHENA.MIT.EDU (geeman@best.com)
Mon Mar 18 12:02:01 1996