Re: NSA key in MSFT Crypto API

From: Matt Blaze (mabat_private)
Date: Fri Sep 03 1999 - 12:48:07 PDT

Next message: Niklas Schiffler: "Re: Cisco and Nmap Dos"

Previous message: g. labe: "Re: pgp-2.6.2 -m leaves plain text file in current directory"
Next in thread: David U.: "Re: NSA key in MSFT Crypto API"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Here's what I said about this on another list:

I must admit that this doesn't make much sense to me.

I was at Crypto, but I must have missed the rump session talk in question
(and it's entirely possible that the talk occurred anyway - I was out of the
room for a good deal of that session).  In any case, non-Crypto people should
remember that the "rump session" consists of entirely entirely unreviewed talks
each lasting about five minute.  It is *not* a peer-refereed part of the
Crypto conference, just a place for people to announce new or minor results.
It is very easy to get a rump session slot, and people say bogus things at
the rump session all the time.

That said, I don't understand the point.  If the NSA wanted Microsoft to
quietly compromise the CAPI install mechanism (which is supposed to
require Microsoft's digital signature on the installed module -
thereby preventing the installation of non-US crypto and allowing CAPI
OS's to be exported), it would be *much* easier to do any of the following:
        - Convince MS to tell them the secret key for MS's signature key
        - Get MS to sign an NSA-compromised module.
        - Install some module other than CAPI to compromise the OS (only
          CAPI modules require the signature).

Regardless of the mechanism used, NSA still would still have to
convince the owner of the computer in question to install the
compromised module (perhaps by exploiting one of the other bugs in the
OS, which is admittedly probably easy enough to do).

Finally, assuming that MS has two public CAPI-install keys in windows,
and someone discovered this, how would they know that one of the corresponding
secret keys is held by NSA?  From looking at the web page in question,
it appears that the evidence consists entirely of the fact that one of the
CAPI keys has an internal symbol name of "_NSAKEY".  Since anyone
with a debugger and a copy of an MS OS can find this symbol, if this is
intended as some kind of covert mechanism, it's not very well hidden.

-matt

Next message: Niklas Schiffler: "Re: Cisco and Nmap Dos"
Previous message: g. labe: "Re: pgp-2.6.2 -m leaves plain text file in current directory"
Next in thread: David U.: "Re: NSA key in MSFT Crypto API"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:02:15 PDT