Re: NSA key in MSFT Crypto API

From: John Gilmore (gnuat_private)
Date: Fri Sep 03 1999 - 13:32:19 PDT

Next message: Basil V. Dolmatov: "Re: VLAN Security"

Previous message: Grzegorz Stelmaszek: "remote DoS against inetd and ssh"
Next in thread: Tim Dierks: "Re: NSA key in MSFT Crypto API"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> >http://www.cryptonym.com/hottopics/msft-nsa.html
>
> Perhaps more interestingly, the program lets you replace the key, too.

Microsoft prevents third parties from installing un-authorized crypto
code under CAPI by checking the signature on the code.  Under their
export deal, they refuse to sign anyone's non-US code that does strong
crypto.  So if you want to add your own strong crypto, you need to sign
it with a key that the CAPI recognizes.  You could patch out Microsoft's
key but then the Microsoft modules won't load properly.  It works
better to patch out NSA's key with your own -- then you can load both
your own crypto code and all the standard MS stuff.

	John

Next message: Basil V. Dolmatov: "Re: VLAN Security"
Previous message: Grzegorz Stelmaszek: "remote DoS against inetd and ssh"
Next in thread: Tim Dierks: "Re: NSA key in MSFT Crypto API"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:01:45 PDT