[117490] in Cypherpunks

home help back first fref pref prev next nref lref last post

Re: NSA key in MSFT Crypto API

daemon@ATHENA.MIT.EDU (James Donald)
Sat Sep 4 04:54:52 1999

Message-Id: <199909040840.BAA17005@proxy3.ba.best.com>
Date: Sat, 04 Sep 1999 01:38:57 -0700
To: Robert Hettinga <rah@shipwright.com>, Matt Blaze <mab@crypto.com>,
        "Lucky Green" <shamrock@cypherpunks.to>, cypherpunks@cyberpass.net
From: James  Donald <jamesd@echeque.com>
Cc: "Cryptography@C2. Net" <cryptography@c2.net>, bugtraq@securityfocus.com
In-Reply-To: <v04210113b3f60b5720f4@[204.167.100.144]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Reply-To: James  Donald <jamesd@echeque.com>

    --

http://www.cryptonym.com/hottopics/msft-nsa.html wrote:
	Because of the way the crypto verification occurs, users can
	easily eliminate or replace the NSA key from the operating
	system without modifying any of Microsoft's original
	components. Since the NSA key is easily replaced, it means
	that non-US companies are free to install "strong" crypto
	services into Windows, without Microsoft's or the NSA's
	approval. Thus the NSA has effectively removed export control
	of "strong" crypto from Windows. A demonstration program that
	replaces the NSA key can be found on Cryptonym's website.  

Bill Gates has always been on the side of the angels when it came to
crypto.  He knew it would be hard to implement CAPI in ways that stopped
people from installing unapproved crypto, and probably did not try very hard.

I think this was either deliberate, or he knew it was likely, and did not
try too hard to stop it.  When CAPI was first proposed, I predicted on this
mailing list that this would happen, and lo, it has happened.

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     dAfifQHF7gndSJ1xqf8UY2CjQKbRrNvI0ePMEgWi
     4oFQNi2Eop1eKjyaEZqJfipnQ46OpDrQJx31ZW5xI


home help back first fref pref prev next nref lref last post