[117486] in Cypherpunks
NSA key in Windows?
daemon@ATHENA.MIT.EDU (Greg Broiles)
Fri Sep 3 23:27:28 1999
Message-Id: <4.2.0.58.19990903200716.00b72dd0@mail.wenet.net>
Date: Fri, 03 Sep 1999 20:12:39 -0700
To: cypherpunks@cyberpass.net
From: Greg Broiles <gbroiles@netbox.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Reply-To: Greg Broiles <gbroiles@netbox.com>
news.com has an updated story at
<http://www.news.com/News/Item/0,4,41277,00.html?st.ne.fd.mdh.ni> - the new
information is:
Richard Smith of Phar Lap says he's found the NSA key in software as far
back as 1998;
NSA faxed a statement to news.com saying that export control regs require
that crypto API's must be signed. [NB: this requirement doesn't exist in
the published crypto export regs at 15 CFR 740 et seq; perhaps it's one of
their nondisclosed requirements.]
Microsoft says that NSA reviewed the crypto architecture, including the
"backup key", and it was approved by NSA;
Microsoft says the "backup key" has always been present in the Crypto API;
Microsoft says the third key in the Win2000 builds is a "test key" which
won't be present in shipping versions of Win2000.
--
Greg Broiles
gbroiles@netbox.com
PGP: 0x26E4488C