[117490] in Cypherpunks
Re: NSA key in MSFT Crypto API
daemon@ATHENA.MIT.EDU (James Donald)
Sat Sep 4 04:54:52 1999
Message-Id: <199909040840.BAA17005@proxy3.ba.best.com>
Date: Sat, 04 Sep 1999 01:38:57 -0700
To: Robert Hettinga <rah@shipwright.com>, Matt Blaze <mab@crypto.com>,
"Lucky Green" <shamrock@cypherpunks.to>, cypherpunks@cyberpass.net
From: James Donald <jamesd@echeque.com>
Cc: "Cryptography@C2. Net" <cryptography@c2.net>, bugtraq@securityfocus.com
In-Reply-To: <v04210113b3f60b5720f4@[204.167.100.144]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Reply-To: James Donald <jamesd@echeque.com>
--
http://www.cryptonym.com/hottopics/msft-nsa.html wrote:
Because of the way the crypto verification occurs, users can
easily eliminate or replace the NSA key from the operating
system without modifying any of Microsoft's original
components. Since the NSA key is easily replaced, it means
that non-US companies are free to install "strong" crypto
services into Windows, without Microsoft's or the NSA's
approval. Thus the NSA has effectively removed export control
of "strong" crypto from Windows. A demonstration program that
replaces the NSA key can be found on Cryptonym's website.
Bill Gates has always been on the side of the angels when it came to
crypto. He knew it would be hard to implement CAPI in ways that stopped
people from installing unapproved crypto, and probably did not try very hard.
I think this was either deliberate, or he knew it was likely, and did not
try too hard to stop it. When CAPI was first proposed, I predicted on this
mailing list that this would happen, and lo, it has happened.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
dAfifQHF7gndSJ1xqf8UY2CjQKbRrNvI0ePMEgWi
4oFQNi2Eop1eKjyaEZqJfipnQ46OpDrQJx31ZW5xI