[117556] in Cypherpunks

home help back first fref pref prev next nref lref last post

Re: NSA key in MSFT Crypto API

daemon@ATHENA.MIT.EDU (Petro)
Mon Sep 6 00:52:05 1999

Mime-Version: 1.0
Message-Id: <v04205501b3f64b3218b5@[208.176.30.20]>
In-Reply-To: <199909040100.DAA04559@mail.replay.com>
Date: Sun, 5 Sep 1999 21:38:25 -0700
To: cypherpunks@cyberpass.net
From: Petro <petro@suba.com>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Reply-To: Petro <petro@suba.com>


	I have a LOT of respect for Mr. Blaze. Probably as much 
respect for him as anyone else I know of, but:

>Also see this from Matt Blaze, which may help to quench the flames:
>
>: If the NSA wanted Microsoft to
>: quietly compromise the CAPI install mechanism (which is supposed to
>: require Microsoft's digital signature on the installed module -
>: thereby preventing the installation of non-US crypto and allowing CAPI
>: OS's to be exported), it would be *much* easier to do any of the following:
>:         - Convince MS to tell them the secret key for MS's signature key

	Microsoft could/would object to this on the grounds that it 
would tie them in with any signed code that did something 
backdoorish--they could get accused of something they didn't have any 
idea about.

>:         - Get MS to sign an NSA-compromised module.

	Same as above, only a _little_ less exposure for Microsoft.

	In either case, if an object is signed by Microsoft, and 
someone finds out that the object is doing "Bad Things" like copying 
your public key to a Yahoo or hotmail account (especially a hotmail 
account), then they are liable. If it's signed by some other key, 
then it's a bug, and MS releases a patch that embeds a different key.

>:         - Install some module other than CAPI to compromise the OS (only
>:           CAPI modules require the signature).

	And we know this hasn't been done because?


>: Regardless of the mechanism used, NSA still would still have to
>: convince the owner of the computer in question to install the
>: compromised module (perhaps by exploiting one of the other bugs in the
>: OS, which is admittedly probably easy enough to do).

	This is Windows we are talking about. Viruses or Trojans 
could easily do the job.

>: secret keys is held by NSA?  From looking at the web page in question,
>: it appears that the evidence consists entirely of the fact that one of the
>: CAPI keys has an internal symbol name of "_NSAKEY".  Since anyone
>: with a debugger and a copy of an MS OS can find this symbol, if this is
>: intended as some kind of covert mechanism, it's not very well hidden.

	It took 3 years to find the second key, and another year (and 
a big mistake on M$ part) to get this far.
--
Interfaces matter.  You need mathematical bones; engineering muscle;
but you won't replicate without beautiful skin. Bits, transistors, 
wires, code, gummint velveeta is free.  Will is expensive. Gutenburg. 
Smith.  Ford.  Moore.  Postel. Steam engines were neat.  Steam 
engines pulling trains were amazing. Computers were neat.  Computers 
networked were amazing. Warning grunts are useful. The ability of a 
charistmatic speaker to fuck with your head is disastrous.--Blank 
Frank(anonymously)


home help back first fref pref prev next nref lref last post