--- begin forwarded text

Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm-idx-0.40(alpha)
Reply-To: [EMAIL PROTECTED]
From: "grt" <[EMAIL PROTECTED]>
Organization: ...
To: [EMAIL PROTECTED]
Date: Sat, 4 Sep 1999 09:24:02 -0400
CC: [EMAIL PROTECTED]
Priority: normal
Subject: [PGP]: Bruce Schneier weighs in

FYI

> from: sci.crypt
> subject: NSA and MS windows
>
> A few months ago in my newsletter Crypto-Gram, I talked about
> Microsoft's system for digitally signing cryptography suites that go
> into its operating system. The point is that only approved crypto
> suites can be used, which makes things like export control easier.
> Annoying as it is, this is the current marketplace.
>
> Microsoft has two keys, a primary and a spare. The Crypto-Gram
> article talked about attacks based on the fact that a crypto suite
> is considered signed if it is signed by EITHER key, and that there
> is no mechanism for transitioning from the primary key to the
> backup. It's stupid cryptography, but the sort of thing you'd
> expect out of Microsoft.
>
> Suddenly there's a flurry of press activity because someone notices
> that the second key is called "NSAKEY" in the code. Ah ha! The NSA
> can sign crypto suites. They can use this ability to drop a
> Trojaned crypto suite into your computers. Or so the conspiracy
> theory goes.
>
> I don't buy it.
>
> First, if the NSA wanted to compromise Microsoft's Crypto API, it
> would be much easier to either 1) convince MS to tell them the
> secret key for MS's signature key, 2) get MS to sign an
> NSA-compromised module, 3) install a module other than Crypto API to
> break the encryption (no other modules need signatures). It's
> always easier to break good encryption.
>
> Second, NSA doesn't need a key to compromise security in Windows.
> Programs like Back Orifice can do it without any keys. Attacking
> the Crypto API still requires that the victim run an executable
> (even a Word macro) on his computer. If you can convince a victim
> to run an untrusted macro, there are a zillion smarter ways to
> compromise security.
>
> Third, why in the world would anyone call a secret NSA key "NSAKEY."
> Lots of people have access to source code within Microsoft; a
> conspiracy like this would only be known by a few people. Anyone
> with a debugger could have found this "NSAKEY." If this is a covert
> mechanism, it's not very covert.
>
> I see two possibilities. One, that the backup key is just as
> Microsoft says, a backup key. It's called "NSAKEY" for some dumb
> reason, and that's that.
>
> Two, that it is actually an NSA key. If the NSA is going to use
> Microsoft products for classified traffic, they're going to install
> their own cryptography. They're not going to want to show it to
> anyone, not even Microsoft. They are going to want to sign their
> own modules. So the backup key could also be an NSA internal key,
> so that they could install strong cryptography on Microsoft products
> for their own internal use.
>
> But it's not an NSA key so they can secretly install weak
> cryptography on the unsuspecting masses. There are just too many
> smarter things they can do to the unsuspecting masses.
>
> My original article:
> http://www.counterpane.com/crypto-gram-9904.html#certificates
>
> Announcement:
> http://www.cryptonym.com/hottopics/msft-nsa.html
>
> Nice analysis:
> http://ntbugtraq.ntadvice.com/default.asp?sid=1&pid=47&aid=52
>
> Useful news article:
> http://www.wired.com/news/news/technology/story/21577.html
>
> ********************************************************************
> Bruce Schneier, President, Counterpane Systems    Phone: 612-823-1098
> 101 E Minnehaha Parkway, Minneapolis, MN 55419    Fax: 612-823-1590
> Free crypto newsletter. See: http://www.counterpane.com

--- end forwarded text

-----------------
Robert A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'
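As an added illustration of the two-key rule Schneier criticises (written for this page, not Microsoft's CAPI code or anything posted in the thread), the Go sketch below contrasts an "either key verifies" acceptance check with a policy in which the backup key only counts after the primary key has signed an explicit rollover record; the key names, the rollover record format and the sample module bytes are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// acceptedEither mirrors the rule Schneier criticises (added illustration, not
// CAPI code): a module counts as signed if EITHER key verifies it, so the backup
// is as powerful as the primary from day one and nothing ever retires a key.
func acceptedEither(primary, backup ed25519.PublicKey, module, sig []byte) bool {
	return ed25519.Verify(primary, module, sig) || ed25519.Verify(backup, module, sig)
}

// Rollover is a hypothetical key-transition record: the primary key signs the
// replacement key (with a domain-separation prefix) to hand trust over.
type Rollover struct {
	NewKey ed25519.PublicKey
	Sig    []byte
}

func rolloverMsg(pub ed25519.PublicKey) []byte {
	return append([]byte("module-signing-key-rollover:"), pub...)
}

// NewRollover is produced by the holder of the primary private key.
func NewRollover(primaryPriv ed25519.PrivateKey, newPub ed25519.PublicKey) *Rollover {
	return &Rollover{NewKey: newPub, Sig: ed25519.Sign(primaryPriv, rolloverMsg(newPub))}
}

// acceptedWithRollover trusts only the primary until a valid rollover record
// exists; afterwards trust moves to the new key and the primary is retired.
func acceptedWithRollover(primary ed25519.PublicKey, roll *Rollover, module, sig []byte) bool {
	if roll != nil && ed25519.Verify(primary, rolloverMsg(roll.NewKey), roll.Sig) {
		return ed25519.Verify(roll.NewKey, module, sig)
	}
	return ed25519.Verify(primary, module, sig)
}

func main() {
	pPub, pPriv, _ := ed25519.GenerateKey(rand.Reader)
	bPub, bPriv, _ := ed25519.GenerateKey(rand.Reader)
	module := []byte("constructed sample crypto module bytes") // constructed input
	byBackup := ed25519.Sign(bPriv, module)
	fmt.Println("either policy, backup-signed:", acceptedEither(pPub, bPub, module, byBackup))
	fmt.Println("no rollover, backup-signed:", acceptedWithRollover(pPub, nil, module, byBackup))
	fmt.Println("after rollover, backup-signed:", acceptedWithRollover(pPub, NewRollover(pPriv, bPub), module, byBackup))
}
```

A rollover record forged with the backup key itself fails the primary-key check, so the backup cannot promote itself.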