Looks like last night was a kind of crypto-Kristallnacht, ja?
Cheers,
RAH
(Who's not too shameless to plug FC00, here, in light of the Nicko
and Adi's URL, below)
--- begin forwarded text
Date: Fri, 3 Sep 1999 10:03:57 -0700
Reply-To: Law & Policy of Computer Communications
<[EMAIL PROTECTED]>
Sender: Law & Policy of Computer Communications
<[EMAIL PROTECTED]>
From: Greg Broiles <[EMAIL PROTECTED]>
Subject: Re: Warning about Installation of Software -- Don't be fooled by
NSA
To: [EMAIL PROTECTED]
At 09:33 AM 9/3/99 , David Lesher wrote:
> > and I respectfully ask all the smart computer-savvy folks who read this
> > message to check out this rumor and confirm whether it is a hoax, or
> whether
> > it is for real. Your imput and wisdom is greatly appreciated.
>
>But note that the meat of the story requires you do no such thing.
>
>(More importantly, I can not see his claimed Crypto 99 rump session
>talk on the schedule....)
I spoke with a friend last night who attended the rump session at Crypto,
who confirmed that the talk was given.
The existence of the second key was discovered by a crypto researcher who
had the insight that looking inside the executable for areas of unusually
high entropy might prove revealing - he found two such areas, each1024 bits
long (exactly the length of the Crypto API public key), where the design of
Crypto API would only have required one .. leading to further investigation
and disassembly of the code.
One approach to independent verification would be to repeat the initial
investigation - look through the RSABASE.DLL file in your \WINDOWS\SYSTEM
directory looking for relatively high-entropy sequences. A paper describing
this technique is available at
<http://www.ncipher.com/products/files/papers/anguilla/keyhide2.pdf>, and C
code purporting to implement that seach is available at
<http://www.hedonism.demon.co.uk/paul/download/ncheck.c>.
--
Greg Broiles
[EMAIL PROTECTED]
PGP: 0x26E4488C
--- end forwarded text
-----------------
Robert A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
