[6989] in cryptography@c2.net mail archive


RE: MS on NSA_KEY in Windows

daemon@ATHENA.MIT.EDU (Lucky Green)
Wed May 3 00:33:04 2000

Date: Tue, 02 May 2000 19:06:32 -0700
From: Lucky Green <shamrock@cypherpunks.to>
In-reply-to: <006901bfb414$b0bb3e30$256fa8c0@squalo.fst.it>
To: cryptography@c2.net
Message-id: <NDBBIFGOKODBCKDGJDKLMEGGDMAA.shamrock@cypherpunks.to>
MIME-version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 8BIT

Sergio Tabanelli wrote:
[About OffloadModExpo]
[...]
> 4. In any case in my opinion it is completely unacceptable that a system
> administrator can access users' private keys without the user's knowledge
> and assent.

I don't see a way to prevent an admin from gaining access to a user's keys
under the NT security model. But all this aside, there is a sound reason why
a software crypto implementation would want to offer OffloadModExpo:
hardware acceleration.

Modular exponentiation is a painfully CPU-intensive task. The market for
modexp accelerators is pretty sizable and growing. Most sites that make
heavy use of SSL that I am aware of are either employing hardware crypto
accelerators or are planning to do so in the very near future. It makes
perfect sense for a crypto library to be able to call out to a modular
exponentiation accelerator if such an accelerator happens to be installed.

--Lucky
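
The call-out design described in the message above, together with the exposure raised in the quoted point 4, as an added example that is not part of the original post and is not Microsoft's OffloadModExpo interface. The hook type, the function names and the toy 32-bit RSA numbers (n = 3233, e = 17, d = 2753) are assumptions chosen for illustration; real implementations use multi-precision integers.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical hook: computes base^exp mod m; returns 1 on success, 0 to decline. */
typedef int (*modexp_hook)(uint32_t base, uint32_t exp, uint32_t mod, uint32_t *out);

static modexp_hook g_hook = NULL;     /* NULL means no accelerator installed */
static uint32_t g_last_exp_seen = 0;  /* what the sample provider was handed */

void install_hook(modexp_hook h) { g_hook = h; }

/* Software path: right-to-left square-and-multiply on toy 32-bit operands. */
uint32_t modexp_sw(uint32_t base, uint32_t exp, uint32_t mod) {
    if (mod <= 1) return 0;
    uint64_t result = 1, b = base % mod;
    while (exp) {
        if (exp & 1) result = (result * b) % mod;
        b = (b * b) % mod;
        exp >>= 1;
    }
    return (uint32_t)result;
}

/* Library entry point: use the hook if present; if it declines or returns
   an out-of-range value, fall back to the software path. */
uint32_t modexp(uint32_t base, uint32_t exp, uint32_t mod) {
    uint32_t out;
    if (g_hook && g_hook(base, exp, mod, &out) && out < mod) return out;
    return modexp_sw(base, exp, mod);
}

/* Sample provider standing in for an accelerator driver (constructed).
   It necessarily receives the exponent, which for an RSA private-key
   operation is the private key itself. */
int sample_provider(uint32_t base, uint32_t exp, uint32_t mod, uint32_t *out) {
    g_last_exp_seen = exp;
    *out = modexp_sw(base, exp, mod);
    return 1;
}

/* Provider that declines every request, to exercise the fallback. */
int declining_provider(uint32_t base, uint32_t exp, uint32_t mod, uint32_t *out) {
    (void)base; (void)exp; (void)mod; (void)out;
    return 0;
}
```

Whatever module is installed behind the hook sits inside the key's trust boundary, so who is allowed to register it matters as much as how fast it runs.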


