[6993] in cryptography@c2.net mail archive
Re: MS on NSA_KEY in Windows
daemon@ATHENA.MIT.EDU (Sergio Tabanelli)
Wed May 3 10:16:13 2000
Message-ID: <022b01bfb4d5$6ad71ee0$256fa8c0@squalo.fst.it>
From: "Sergio Tabanelli" <sergio.tabanelli@fst.it>
To: <cryptography@c2.net>
Date: Wed, 3 May 2000 09:58:49 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Sergio Tabanelli wrote:
[About OffloadModExpo]
[...]
> 4. In any case in my opinion it is completely unacceptable that a system
> administrator can access users' private keys without the user's knowledge
> and assent.
I don't see a way to prevent an admin from gaining access to a user's keys
under the NT security model.
[Sergio] I think that encrypting the key can help.
But all this aside, there is a sound reason why
a software crypto implementation would want to offer OffloadModExpo:
hardware acceleration.
Modular exponentiation is a painfully CPU-intensive task. The market for
modexp accelerators is pretty sizable and growing. Most sites that make
heavy use of SSL that I am aware of are either employing hardware crypto
accelerators or are planning to do so in the very near future. It makes
perfect sense for a crypto library to be able to call out to a modular
exponentiation accelerator if such an accelerator happens to be installed.
[Sergio] Agreed (maybe the right way to do this is writing a new CSP).
But I think that the strange things here are:
1) A security bulletin and a patch for a non-functionality.
2) The coincidence between the OffloadModExpo functionality and the non-use
of the _NSAKEY:
  the W2K >= beta 3 still has the _NSAKEY but DOES NOT USE IT
  the W2K >= beta 3 CSPs use the "OffloadModExpo" functionality
  the NT4-NT5-W2K <= beta 2 still has the _NSAKEY and USES IT
  the NT4-NT5-W2K <= beta 2 CSPs DO NOT HAVE the "OffloadModExpo"
  functionality
Maybe this does not mean anything, but it looks a little bit strange.
Sergio Tabanelli
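The thread above argues about two separate things: whether a crypto library should be able to hand modular exponentiation to an accelerator, and what such a hook necessarily gets to see. The following is an added example, not code from this thread, from Microsoft's CSPs, or from any real accelerator driver. It assumes an offload hook of the shape (base, exponent, modulus), which any modexp callout must receive to do its work, and it uses a constructed textbook-sized RSA key (p = 61, q = 53), not a real key. It shows the dispatch pattern, the cheap public-exponent check a library can run on the accelerator's answer, and why that check catches a wrong result but cannot stop the hook from observing the private exponent.

```python
from typing import Callable, List, Optional

# Type of an offload hook: (base, exponent, modulus) -> base**exponent mod modulus.
# Assumed shape for this example; any modexp callout needs at least these three values.
ModExp = Callable[[int, int, int], int]


def modexp_software(base: int, exp: int, mod: int) -> int:
    """Pure-software fallback: left-to-right square-and-multiply."""
    if mod <= 0 or exp < 0:
        raise ValueError("modulus must be positive and exponent non-negative")
    result = 1 % mod
    base %= mod
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        if bit == "1":
            result = (result * base) % mod
    return result


class ModExpEngine:
    """Dispatches modexp to a registered accelerator hook, else to software."""

    def __init__(self, offload: Optional[ModExp] = None) -> None:
        self.offload = offload

    def modexp(self, base: int, exp: int, mod: int) -> int:
        if self.offload is not None:
            return self.offload(base, exp, mod)
        return modexp_software(base, exp, mod)


def rsa_private_op(engine: ModExpEngine, m: int, n: int, e: int, d: int) -> int:
    """RSA private operation (textbook, no padding) with the heavy step offloaded.

    The public-exponent check is cheap because e is small, and it catches an
    accelerator that returns a wrong answer. It does nothing about the fact that
    the hook was handed d in order to compute the result at all.
    """
    s = engine.modexp(m, d, n)
    if modexp_software(s, e, n) != m % n:
        raise RuntimeError("offloaded modexp returned a wrong result")
    return s


class LoggingOffload:
    """Stand-in for an instrumented accelerator: correct output, but records every exponent."""

    def __init__(self) -> None:
        self.seen_exponents: List[int] = []

    def __call__(self, base: int, exp: int, mod: int) -> int:
        self.seen_exponents.append(exp)
        return modexp_software(base, exp, mod)


class BrokenOffload:
    """Stand-in for a faulty accelerator: answer is off by one."""

    def __call__(self, base: int, exp: int, mod: int) -> int:
        return (modexp_software(base, exp, mod) + 1) % mod


# Constructed toy key: p = 61, q = 53, n = 3233, phi = 3120, e = 17, d = 2753.
TOY_N, TOY_E, TOY_D = 3233, 17, 2753


def private_op_leaks_exponent(m: int = 65) -> bool:
    """True if a correct-but-logging hook ends up holding the private exponent d."""
    hook = LoggingOffload()
    rsa_private_op(ModExpEngine(hook), m, TOY_N, TOY_E, TOY_D)
    return TOY_D in hook.seen_exponents


def detects_broken_offload(m: int = 65) -> bool:
    """True if the public-exponent check rejects a wrong accelerator answer."""
    try:
        rsa_private_op(ModExpEngine(BrokenOffload()), m, TOY_N, TOY_E, TOY_D)
    except RuntimeError:
        return True
    return False


if __name__ == "__main__":
    sw = rsa_private_op(ModExpEngine(), 65, TOY_N, TOY_E, TOY_D)
    hw = rsa_private_op(ModExpEngine(LoggingOffload()), 65, TOY_N, TOY_E, TOY_D)
    print("software == offloaded:", sw == hw)
    print("hook observed d:", private_op_leaks_exponent())
    print("wrong answer detected:", detects_broken_offload())
```

The design point the thread is circling: a library can verify what an accelerator returns (here with the public exponent, the same check that also defends against fault-induced wrong signatures), but whoever controls the module behind the hook is, by construction, given the private exponent. Whether that module is trustworthy is a code-signing and key-protection question, not something the dispatch layer can check.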