[117496] in Cypherpunks
Fwd: NSA key in Windows
daemon@ATHENA.MIT.EDU (Robert Hettinga)
Sat Sep 4 09:15:20 1999
Mime-Version: 1.0
Message-Id: <v0421012fb3f6c71cb1eb@[204.167.100.144]>
Date: Sat, 4 Sep 1999 08:54:57 -0400
To: cypherpunks@cyberpass.net
From: Robert Hettinga <rah@shipwright.com>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Reply-To: Robert Hettinga <rah@shipwright.com>
--- begin forwarded text
Date: Sat, 4 Sep 1999 10:12:04 +0100
To: usual@espace.net
From: Fearghas McKay <fm@st-kilda.org>
Subject: Fwd: NSA key in Windows
Reply-To: "Usual People List" <usual@espace.net>
Sender: <usual@espace.net>
List-Subscribe: <mailto:usual-on@espace.net>
--- begin forwarded text
X-Sender: duncan@pop.gn.apc.org
Date: Sat, 04 Sep 1999 01:35:40 +0100
To: ukcrypto@maillist.ox.ac.uk
From: Duncan Campbell <duncan@gn.apc.org>
Subject: NSA key in Windows
Sender: owner-ukcrypto@maillist.ox.ac.uk
Reply-To: ukcrypto@maillist.ox.ac.uk
Just put this out on Techweb at 7pm
A special prize to anyone who can find any CSP or application module
anywhere that is signed by the NSA key.
And a decent prize for anyone who can write a plausible explanation
of Microsoft's claim this evening that the NSAkey is really theirs
and is used to ensure compliance with US export restrictions. Thats
what the first key is for. Of course, maybe what they mean is that
US export restrictions prohibited the export of the Windows CAPI
unless NSA had a backdoor.
I look forward to the strand. :-))
DC
NSA Builds Security Access Into Windows
(09/03/99, 2:05 p.m. ET)
By Duncan Campbell, TechWeb
A careless mistake by Microsoft programmers has shown that special
access codes for use by the U.S. National Security Agency (NSA) have
been secretly built into all versions of the Windows operating system.
Computer-security specialists have been aware for two years that
unusual features are contained inside a standard Windows driver used
for security and encryption functions. The driver, called ADVAPI.DLL,
enables and controls a range of security functions including the
Microsoft Cryptographic API (MS-CAPI). In particular, it
authenticates modules signed by Microsoft, letting them run without
user intervention.
At last year's Crypto 98 conference, British cryptography specialist
Nicko van Someren said he had disassembled the driver and found it
contained two different keys. One was used by Microsoft to control
the cryptographic functions enabled in Windows, in compliance with
U.S. export regulations. But the reason for building in a second key,
or who owned it, remained a mystery.
Now, a North Carolina security company has come up with conclusive
evidence the second key belongs to the NSA. Like van Someren, Andrew
Fernandez, chief scientist with Cryptonym of Morrisville, North
Carolina, had been probing the presence and significance of the two
keys. Then he checked the latest Service Pack release for Windows
NT4, Service Pack 5. He found Microsoft's developers had failed to
remove or "strip" the debugging symbols used to test this software
before they released it. Inside the code were the labels for the two
keys. One was called "KEY." The other was called "NSAKEY."
Fernandez reported his re-discovery of the two CAPI keys, and their
secret meaning, to the "Advances in Cryptology, Crypto'99" conference
held in Santa Barbara. According to those present at the conference,
Windows developers attending the conference did not deny the "NSA"
key was built into their software. But they refused to talk about
what the key did, or why it had been put there without users'
knowledge.
But according to two witnesses attending the conference, even
Microsoft's top crypto programmers were stunned to learn that the
version of ADVAPI.DLL shipping with Windows 2000 contains not two,
but three keys. Brian LaMachia, head of CAPI development at Microsoft
was "stunned" to learn of these discoveries, by outsiders. This
discovery, by van Someren, was based on advance search methods which
test and report on the "entropy" of programming code.
Within Microsoft, access to Windows source code is said to be highly
compartmentalized, making it easy for modifications to be inserted
without the knowledge of even the respective product managers.
No researchers have yet discovered a programming module which signs
itself with the NSA key. Researchers are divided about whether it
might be intended to let U.S. government users of Windows run
classified cryptosystems on their machines or whether it is intended
to open up anyone's and everyone's Windows computer to intelligence
gathering techniques deployed by the NSA's burgeoning corps of
"information warriors."
"How is an IT manager to feel when they learn that in every copy of
Windows sold, Microsoft has installed a 'back door' for the NSA --
making it orders of magnitude easier for the U.S. government to
access your computer?"
-- Andrew Fernandez
Cryptonym
According to Fernandez of Cryptonym, the result of having the secret
key inside your Windows operating system "is that it is tremendously
easier for the NSA to load unauthorized security services on all
copies of Microsoft Windows, and once these security services are
loaded, they can effectively compromise your entire operating
system". The NSA key is contained inside all versions of Windows from
Windows 95 OSR2 onward.
"For non-American IT managers relying on WinNT to operate highly
secure data centers, this find is worrying," he added. "The U.S
government is currently making it as difficult as possible for
'strong' crypto to be used outside of the U.S. That they have also
installed a cryptographic back-door in the world's most abundant
operating system should send a strong message to foreign IT managers.
"How is an IT manager to feel when they learn that in every copy of
Windows sold, Microsoft has installed a 'back door' for the NSA --
making it orders of magnitude easier for the U.S. government to
access your computer?" he said.
Van Someren said he felt the primary purpose of the NSA key might be
for legitimate U.S. government use. But he said there cannot be a
legitimate explanation for the third key in Windows 2000 CAPI. "It
looks more fishy," he said on Friday.
Fernandez said he believed the NSA's built-in loophole could be
turned round against the snoopers. The NSA key inside CAPI could be
replaced by your own key, and used to sign cryptographic security
modules from overseas or unauthorized third parties, unapproved by
Microsoft or the NSA. This is exactly what the U.S. government has
been trying to prevent.
A demonstration "how to do it" program that replaces the NSA key can
be found on Cryptonym's website.
According to one leading U.S. cryptographer, the IT world should be
thankful the subversion of Windows by NSA has come to light before
the arrival of CPUs that handle encrypted instruction sets. These
would make the type of discoveries made this month impossible. "Had
the next-generation CPUs with encrypted instruction sets already been
deployed, we would have never found out about NSAKEY," he said.
--- end forwarded text
--- end forwarded text
-----------------
Robert A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'