The NSA would be remiss in their task as US spy agency if it failed to
ensure that there are multiple backdoors to the world's most widely used
operating system. One would assume, there are backdoors even the vendor does
not know about.
After watching the NSAKEY talk at the Crypto rump session [name elided], by
his own account at the time the person ultimately responsible for CAPI at
Microsoft, told a group that even he had not know about the second key. In
addition, he informed us that access to the Windows source code is heavily
compartmentalized, making it easy to insert modifications without the
knowledge of even the respective product managers.
On thing I learned from my work on the GSM ciphers is that intelligence
agencies will insert compromises at every step: key size, key generation,
cryptographic algorithms, every single cryptographic component in GSM has
been deliberately compromised.
It therefore stands to reason that additional, so far undetected, backdoors
exist in Microsoft's operating systems.
--Lucky Green <[EMAIL PROTECTED]>
> -----Original Message-----
> From: Robert Hettinga [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 03, 1999 16:52
> To: Matt Blaze; Lucky Green; [EMAIL PROTECTED]
> Cc: Cryptography@C2. Net; [EMAIL PROTECTED]
> Subject: Re: NSA key in MSFT Crypto API
>
>
> At 3:48 PM -0400 on 9/3/99, Matt Blaze wrote:
>
>
> > Since anyone
> > with a debugger and a copy of an MS OS can find this symbol, if this is
> > intended as some kind of covert mechanism, it's not very well hidden.
>
> Though, truth be told, the symbols were supposedly *accidently* left
> in on this one build.
>
>
> Which brings me to my crazy "policy page" theory of all this.
>
> When, finally, people looked inside the Netscape *executable*, and
> saw that just-as-you-please plaintext crypto "policy" page, something
> anybody with a clue and good text editor could go in and change,
> turning their crippleware to actual crypto (I mean, even *I* went and
> did it for chrissakes, and it worked), the folks at Netscape said,
> and I think this is a direct quote, "It took you long enough." The
> thing must have been in there for years, I bet.
>
> Anyway, I don't know why I *don't* believe the same thing about
> Microsoft (okay, maybe I do, only that's a theological reason :-)),
> but, right now, I just can't believe that they really did this thing
> so that people could fix their own crippleware, just like Netscape
> did with their policy page.
>
> Unfortunately, I think that all this *was* a mistake on their part,
> and, of course, there are just that many more neurons firing outside
> the Microsoft firewall than in it. A classic argument for open source
> and peer review, of course, but, paradoxically, one which, in the
> end, *helps* Microsoft to be more devious about their trapdoors in
> the future.
>
> I'd love to be proven wrong on this, and if someone on the other side
> of that Redmond firewall wants to actually speak up on this, cool,
> but I bet this is more about failed skullduggery than any
> crypto-beneficence on BillG's part.
>
> Cheers,
> RAH
> -----------------
> Robert A. Hettinga <mailto: [EMAIL PROTECTED]>
> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
> 44 Farquhar Street, Boston, MA 02131 USA
> "... however it may deserve respect for its usefulness and antiquity,
> [predicting the end of the world] has not been found agreeable to
> experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
>
