[117496] in Cypherpunks

home help back first fref pref prev next nref lref last post

Fwd: NSA key in Windows

daemon@ATHENA.MIT.EDU (Robert Hettinga)
Sat Sep 4 09:15:20 1999

Mime-Version: 1.0
Message-Id: <v0421012fb3f6c71cb1eb@[204.167.100.144]>
Date: Sat, 4 Sep 1999 08:54:57 -0400
To: cypherpunks@cyberpass.net
From: Robert Hettinga <rah@shipwright.com>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Reply-To: Robert Hettinga <rah@shipwright.com>


--- begin forwarded text


Date: Sat, 4 Sep 1999 10:12:04 +0100
To: usual@espace.net
From: Fearghas McKay <fm@st-kilda.org>
Subject: Fwd: NSA key in Windows
Reply-To: "Usual People List" <usual@espace.net>
Sender: <usual@espace.net>
List-Subscribe: <mailto:usual-on@espace.net>


--- begin forwarded text


X-Sender: duncan@pop.gn.apc.org
Date: Sat, 04 Sep 1999 01:35:40 +0100
To: ukcrypto@maillist.ox.ac.uk
From: Duncan Campbell <duncan@gn.apc.org>
Subject: NSA key in Windows
Sender: owner-ukcrypto@maillist.ox.ac.uk
Reply-To: ukcrypto@maillist.ox.ac.uk

Just put this out on Techweb at 7pm

A special prize to anyone who can find any CSP or application module 
anywhere that is signed by the NSA key.

And a decent prize for anyone who can write a plausible explanation 
of Microsoft's claim this evening that the NSAkey is really theirs 
and is used to ensure compliance with US export restrictions.  Thats 
what the first key is for.   Of course, maybe what they mean is that 
US export restrictions prohibited the export of the Windows CAPI 
unless NSA had a backdoor.

I look forward to the strand.   :-))
   DC

NSA Builds Security Access Into Windows

(09/03/99, 2:05 p.m. ET)
By Duncan Campbell, TechWeb

A careless mistake by Microsoft programmers has shown that special 
access codes for use by the U.S. National Security Agency (NSA) have 
been secretly built into all versions of the Windows operating system.

Computer-security specialists have been aware for two years that 
unusual features are contained inside a standard Windows driver used 
for security and encryption functions. The driver, called ADVAPI.DLL, 
enables and controls a range of security functions including the 
Microsoft Cryptographic API (MS-CAPI). In particular, it 
authenticates modules signed by Microsoft, letting them run without 
user intervention.

At last year's Crypto 98 conference, British cryptography specialist 
Nicko van Someren said he had disassembled the driver and found it 
contained two different keys. One was used by Microsoft to control 
the cryptographic functions enabled in Windows, in compliance with 
U.S. export regulations. But the reason for building in a second key, 
or who owned it, remained a mystery.

Now, a North Carolina security company has come up with conclusive 
evidence the second key belongs to the NSA. Like van Someren, Andrew 
Fernandez, chief scientist with Cryptonym of Morrisville, North 
Carolina, had been probing the presence and significance of the two 
keys. Then he checked the latest Service Pack release for Windows 
NT4, Service Pack 5. He found Microsoft's developers had failed to 
remove or "strip" the debugging symbols used to test this software 
before they released it. Inside the code were the labels for the two 
keys. One was called "KEY." The other was called "NSAKEY."

Fernandez reported his re-discovery of the two CAPI keys, and their 
secret meaning, to the "Advances in Cryptology, Crypto'99" conference 
held in Santa Barbara. According to those present at the conference, 
Windows developers attending the conference did not deny the "NSA" 
key was built into their software. But they refused to talk about 
what the key did, or why it had been put there without users' 
knowledge.

But according to two witnesses attending the conference, even 
Microsoft's top crypto programmers were stunned to learn that the 
version of ADVAPI.DLL shipping with Windows 2000 contains not two, 
but three keys. Brian LaMachia, head of CAPI development at Microsoft 
was "stunned" to learn of these discoveries, by outsiders. This 
discovery, by van Someren, was based on advance search methods which 
test and report on the "entropy" of programming code.

Within Microsoft, access to Windows source code is said to be highly 
compartmentalized, making it easy for modifications to be inserted 
without the knowledge of even the respective product managers.
No researchers have yet discovered a programming module which signs 
itself with the NSA key. Researchers are divided about whether it 
might be intended to let U.S. government users of Windows run 
classified cryptosystems on their machines or whether it is intended 
to open up anyone's and everyone's Windows computer to intelligence 
gathering techniques deployed by the NSA's burgeoning corps of 
"information warriors."

"How is an IT manager to feel when they learn that in every copy of 
Windows sold, Microsoft has installed a 'back door' for the NSA -- 
making it orders of magnitude easier for the U.S. government to 
access your computer?"
-- Andrew Fernandez
Cryptonym

According to Fernandez of Cryptonym, the result of having the secret 
key inside your Windows operating system "is that it is tremendously 
easier for the NSA to load unauthorized security services on all 
copies of Microsoft Windows, and once these security services are 
loaded, they can effectively compromise your entire operating 
system". The NSA key is contained inside all versions of Windows from 
Windows 95 OSR2 onward.

"For non-American IT managers relying on WinNT to operate highly 
secure data centers, this find is worrying," he added. "The U.S 
government is currently making it as difficult as possible for 
'strong' crypto to be used outside of the U.S. That they have also 
installed a cryptographic back-door in the world's most abundant 
operating system should send a strong message to foreign IT managers.

"How is an IT manager to feel when they learn that in every copy of 
Windows sold, Microsoft has installed a 'back door' for the NSA -- 
making it orders of magnitude easier for the U.S. government to 
access your computer?" he said.

Van Someren said he felt the primary purpose of the NSA key might be 
for legitimate U.S. government use. But he said there cannot be a 
legitimate explanation for the third key in Windows 2000 CAPI. "It 
looks more fishy," he said on Friday.

Fernandez said he believed the NSA's built-in loophole could be 
turned round against the snoopers. The NSA key inside CAPI could be 
replaced by your own key, and used to sign cryptographic security 
modules from overseas or unauthorized third parties, unapproved by 
Microsoft or the NSA. This is exactly what the U.S. government has 
been trying to prevent.

A demonstration "how to do it" program that replaces the NSA key can 
be found on Cryptonym's website.

According to one leading U.S. cryptographer, the IT world should be 
thankful the subversion of Windows by NSA has come to light before 
the arrival of CPUs that handle encrypted instruction sets. These 
would make the type of discoveries made this month impossible. "Had 
the next-generation CPUs with encrypted instruction sets already been 
deployed, we would have never found out about NSAKEY," he said.

--- end forwarded text

--- end forwarded text


-----------------
Robert A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'


home help back first fref pref prev next nref lref last post