[117492] in Cypherpunks

home help back first fref pref prev next nref lref last post

Re: NSA key in MSFT Crypto API

daemon@ATHENA.MIT.EDU (Steve Mynott)
Sat Sep 4 08:41:13 1999

Date: Sat, 4 Sep 1999 12:23:29 +0000
From: Steve Mynott <steve@tightrope.demon.co.uk>
To: "William H. Geiger III" <whgiii@openpgp.net>
Cc: cypherpunks@cyberpass.net
Message-ID: <19990904122329.C24928@tightrope.demon.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <199909031623.MAA07890@domains.invweb.net>; from William H. Geiger III on Fri, Sep 03, 1999 at 11:19:05AM -0500
Reply-To: Steve Mynott <steve@tightrope.demon.co.uk>

Surely all your comments below equally apply to OS/2 Warp and
indeed MacOS and any closed source OS?

OpenBSD is a multiplatform, open source OS which is audited for
security and is shipped (out of Canada) with strong crypto.

On Fri, Sep 03, 1999 at 11:19:05AM -0500, William H. Geiger III wrote:
> In <D104150098E6D111B7830000F8D90AE8E62A42@exna02.securitydynamics.com>,
> on 09/03/99 
>    at 11:49 AM, "Trei, Peter" <ptrei@securitydynamics.com> said:
> 
> 
> >The ability to replace the NSA key with another
> >is an extremely serious vulnerability. This means that
> >*anyone* - not just the NSA - can write a compromised
> >module and install it on the target, as long as they
> >also replace the NSA key with the one they used to
> >sign the weakened module.
> 
> >Tripwire, anyone?
> 
> It's very simple, DO NOT USE WINDOWS!!
> 
> This is a compromise in only one API. God only knows what they have done
> to compromise security in the millions of lines of code that no one
> outside of Redmond has ever seen.
>
> Windows is compromised!! Microsoft is in bed with the Federal Government.
> There is *no* security on a system running their software. Those who
> continue to do so get exactly what they deserve.
> 
> -- 
> ---------------------------------------------------------------
> William H. Geiger III  http://www.openpgp.net
> Geiger Consulting    Cooking With Warp 4.0

-- 
1024/D9C69DF9 steve mynott steve@tightrope.demon.co.uk http://www.pineal.com/

    
    "egotist: a person more interested in himself than in me." - ambrose bierce


home help back first fref pref prev next nref lref last post