[117582] in Cypherpunks
Re: NSA & MSFT CAPI keys as PGP keys
daemon@ATHENA.MIT.EDU (Adam Back)
Mon Sep 6 16:51:32 1999
Date: Mon, 6 Sep 1999 21:28:11 +0100
Message-Id: <199909062028.VAA05034@server.cypherspace.org>
To: maxinux@Bigfoot.com
CC: cypherpunks@cyberpass.net
From: Adam Back <adam@cypherspace.org>
In-reply-to: <Pine.LNX.4.10.9909060813380.12713-100000@khercs.futile.net>
(message from Max Inux on Mon, 6 Sep 1999 08:15:59 -0700 (PDT))
Reply-To: Adam Back <adam@cypherspace.org>
Max Inux wrote:
> On Mon, 6 Sep 1999, Adam Back wrote:
> >Anonymous provided the NSA and Microsoft CAPI keys in hex, so here are
> >their RSA CAPI keys formatted as PGP keys. I've signed them.
> >
> >I put the keys at:
> >
> > http://www.dcs.ex.ac.uk/~aba/nsakey/
> >
> >Adam
>
> Thanks adam, I figured it was just a matter of time until that got done.
> But one tihng that striked my fancy, they are using RSA, what does this
> say to you? could it mean that RSA may be safe? or were they being lazy
> and using something they cracked under the assumption that they were the
> only ones? or... what?
I think it means nothing. Microsoft probably only had RSA implemented
at the time they did it. If the NSA RSA key is for their own code
authorisation use for internal NSA use, well it means that NSA trusts
1024 bit RSA; but perhaps not that much bearing in mind the weak point
will be the rest of the windows OS.
Another interesting data point is that the Lotus notes NSA key (which
we know really is an NSA key in that case) is just 768 bits. However,
with this one you have to consider that it is only protecting 24 bits
of data; with IBM's differential crypto partial backdoor the crypto is
40 bits if the backdoor is used, or 64 bits if not. Given that I'm
sure they could crack a 64 bit message if they needed to, the 768 bits
only needs to be harder than the difference between breaking 40 bits
and 64 bits times the number of keys one might be interested to crack.
(The 768 bit keys protects lots of messages ... all export notes
versions, and the strength of the 768 bit crypto is all that is
stopping someone being able to decrypt the messages at work factor 40
bits rather than 64 bits).
> It just seems to be an interesting implication, wonder what it means that
> they are using RSA pub key..... hmmmmmm 2 years, 14 days before the patent
> expires.. w000 h000
Probably no patent implications, ... Microsoft is distributing it, and
microsoft has a license from RSADSI.
Adam