[117504] in Cypherpunks

home help back first fref pref prev next nref lref last post

Re: NSA key in MSFT Crypto API

daemon@ATHENA.MIT.EDU (Eric Cordian)
Sat Sep 4 12:04:49 1999

From: Eric Cordian <emc@wire.insync.net>
Message-Id: <199909041542.KAA27632@wire.insync.net>
To: cypherpunks@cyberpass.net
Date: Sat, 4 Sep 1999 10:42:24 -0500 (CDT)
In-Reply-To: <199909041411.KAA23565@domains.invweb.net> from "William H. Geiger III" at Sep 4, 99 10:11:49 am
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Reply-To: Eric Cordian <emc@wire.insync.net>

WHGIII writes:

> This is a compromise in only one API. God only knows what they have done
> to compromise security in the millions of lines of code that no one
> outside of Redmond has ever seen.

Yes, 50 million lines of unpublished code with no clearly defined OS layer
can never be trusted, period.  Want security?  Don't run Microsoft
Operating Systems.

That is the true problem with various flavors of Windoze, not the
discovery that one of the signature keys has "NSA" in the name. 

Clearly, if Microsoft would let the NSA include a key, they would also let
the NSA sign stuff with the the Microsoft key.  The incremental decrease
in security as a result of the secondary key is non-existent.

Hyperbole over this one issue tends to detract from the other numerous
security issues surrounding Microsoft bloatware.

-- 
Eric Michael Cordian 0+
O:.T:.O:. Mathematical Munitions Division
"Do What Thou Wilt Shall Be The Whole Of The Law"


home help back first fref pref prev next nref lref last post