[67707] in Cypherpunks
Re: Microsoft CAPI
daemon@ATHENA.MIT.EDU (Jim McCoy)
Wed Oct 9 16:34:30 1996
In-Reply-To: <325BD6C6.715F@tivoli.com>
Date: Wed, 9 Oct 1996 13:12:02 -0800
To: cypherpunks@toad.com
From: Jim McCoy <mccoy@communities.com>
Mike McNally <m5@tivoli.com> writes:
>Ravi Pandya wrote:
>> ... You can't load an encryption engine into Windows 95 or
>> Windows NT unless that engine has been specially signed by
>> Microsoft's corporate key.
>
>And so what happens when the Microsoft key is compromised? It might
>be hard to break by purely cryptographic means, but surely there are
>some people at Microsoft who aren't millionaires.
But who may want to be, eh? :)
Actually it is also possible to use a much more overt route and just
patch around anything which is doing the signature checking (possibly
on just a temporary basis if the checks are only made when the engine
is first loaded.)
jim
