[117480] in Cypherpunks

home help back first fref pref prev next nref lref last post

Re: NSA key in MSFT Crypto API

daemon@ATHENA.MIT.EDU (Anonymous)
Fri Sep 3 21:13:37 1999

Date: Sat, 4 Sep 1999 03:00:20 +0200 (CEST)
Message-Id: <199909040100.DAA04559@mail.replay.com>
From: Anonymous <nobody@replay.com>
To: cypherpunks@cyberpass.net
Reply-To: Anonymous <nobody@replay.com>

From personal archives, one full year ago:

Date: Sat, 08 Aug 1998 11:29:09 +0100
> Thanks to Nicko van Someren:
> Microsoft has already put the appropriate hack in CAPI for you. It
> contains two public keys, the live one and one that's presumably a
> backup. If you replace this backup key with your own key, then CAPI
> will indeed accept signatures made by either.

This second key has been known about for a year.  The only new news is
that it is called "_NSAKEY" in the debug symbols.  But whether it is
owned by the NSA or not, the ability to use the second key to get non
Microsoft crypto modules loaded is old news.

Also see this from Matt Blaze, which may help to quench the flames:

: If the NSA wanted Microsoft to
: quietly compromise the CAPI install mechanism (which is supposed to
: require Microsoft's digital signature on the installed module -
: thereby preventing the installation of non-US crypto and allowing CAPI
: OS's to be exported), it would be *much* easier to do any of the following:
:         - Convince MS to tell them the secret key for MS's signature key
:         - Get MS to sign an NSA-compromised module.
:         - Install some module other than CAPI to compromise the OS (only
:           CAPI modules require the signature).
:
: Regardless of the mechanism used, NSA still would still have to
: convince the owner of the computer in question to install the
: compromised module (perhaps by exploiting one of the other bugs in the
: OS, which is admittedly probably easy enough to do).
:
: Finally, assuming that MS has two public CAPI-install keys in windows,
: and someone discovered this, how would they know that one of the corresponding
: secret keys is held by NSA?  From looking at the web page in question,
: it appears that the evidence consists entirely of the fact that one of the
: CAPI keys has an internal symbol name of "_NSAKEY".  Since anyone
: with a debugger and a copy of an MS OS can find this symbol, if this is
: intended as some kind of covert mechanism, it's not very well hidden.
:
: -matt


home help back first fref pref prev next nref lref last post