[117546] in Cypherpunks
Re: IP: two more on NSA KEy one from Spafford and one from MS
daemon@ATHENA.MIT.EDU (Adam Shostack)
Sun Sep 5 14:28:59 1999
Date: Sun, 5 Sep 1999 14:35:24 -0400
From: Adam Shostack <adam@homeport.org>
To: Robert Hettinga <rah@shipwright.com>
Cc: cypherpunks@cyberpass.net, spaf@cs.purdue.edu
Message-ID: <19990905143523.A4789@weathership.homeport.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <v04210137b3f8117fb59c@[204.167.100.144]>; from Robert Hettinga on Sun, Sep 05, 1999 at 08:24:39AM -0400
Reply-To: Adam Shostack <adam@homeport.org>
Spaf wrote (via dave Farber):
| For instance, I happen to know that various 3-letter agencies use a
| lot of Windows machines (in a sense, that should be scary all by
| itself :-). Suppose they want to load their own highly-classified,
| very closely-guarded version of their own crypto routines. Do you
| think they will send copies of their code out to Redmond to get it
| signed so it can be loaded? Or are they going to sign it
| themselves, with their own key, doing it in-house where it is "safe"?
| If they are going the in-house route, then either Microsoft needs to
| share the private key with them (bad idea), or the code needs to
| accommodate a second key schedule generated inside the TLA. Hmmm,
| that sounds familiar, doesn't it?
Lets assume that I have a highly classified etc., set of code that
I don't want anyone to see, but I want signed. I can send a hash to
Redmond (perhaps even one hash per month, so that an outsider can't do
traffic analysis to see how often we find bugs in our code). Redmond
signs the hash, and I construct a CAPI signature with the signature
on a hash that I'm given.
So, I don't buy this particular argument as a reason. There are other
decent reasons that the key could be MS owned and operated. But its
also clear that the NSA has a long and successful history of
subverting deployed crypto-systems. If they hadn't subverted Windows,
they would be negligent.
Lastly, I'll point out that this extra key has been in Windows since
(at least) SP3. It was only with SP5 that its name was released in a
debugging table.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume