A new vista service pack just "upgraded" to that "backdoored" random number algorithm. Suit yourself in believing Microsoft. Comade Ringo Kamens
On Jan 2, 2008 9:42 PM, Eugene Y. Vasserman <[EMAIL PROTECTED]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Thus spake Ringo Kamens, on 1/2/2008 4:17 PM: > > Also, see http://www.schneier.com/essay-198.html > > And yeah, I was talking about the NSA key. > > Personally (and god help me), I believe Microsoft when they say the key > is not a key back door key. If it was, I wonder if they would name it > "NSA". Or is that what they want us to think? :) > The Schneier essay about the random number generator is more > interesting, and worth reading. > > Eugene > > > Comrade Ringo Kamens > > > > On Jan 2, 2008 4:24 PM, Nick Mathewson < [EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]>> wrote: > > > > On Wed, Jan 02, 2008 at 02:47:11PM -0600, Eugene Y. Vasserman wrote: > > > Thus spake Ringo Kamens on Sun, 23 Dec 2007: > > > > > > (snip) > > > > Also, we know the NSA and DoJ have engaged in > > > > this type of activity in the past such as "working" with > > Microsoft to > > > > secure vista and having their private key inserted into > windows > > > > versions so they could decrypt things. > > > > > > I've heard of the Vista bit, but what are you referring to, as far > as > > > having a decryption key for Windows stuff? I know they had one > in... > > > What was it? Lotus Notes? > > > > He's probably referring to the "NSAKey" key in NT 4. For more > > information, see > > http://en.wikipedia.org/wiki/Nsakey > > > > It's a secondary code-signing key, allegedy to be used if their > > primary code signing key needed to be revoked. > > > > If you believe Microsoft, the key was called "_NSAKEY" because it > was > > introduced in order to meet NSA requirements for a secondary key. > > Naming things after the software or organization that requires them, > > rather than after their actual purpose, is not unusual for > Microsoft: > > Their office XML spec is littered with stuff like the notorious > > AutoSpaceLikeWord95. > > > > Personally, I don't believe that contemporary operating systems are > so > > secure that the NSA would rather have security holes custom-built > for > > it instead of just using the ones that are already there. > > > > peace, > > -- > > Nick > > > > > > - -- > Eugene Y. Vasserman > Ph.D. Candidate, University of Minnesota > http://www.cs.umn.edu/~eyv/ <http://www.cs.umn.edu/%7Eeyv/> > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iFcDBQFHfEuob9W6r3tKSVIRCHVjAQC3wB/kJGrFUJLhG6zZ3LM3FE6U9reqV6G+ > pMcf2AG0lwEAmBEpgN+k8OWOsM26xIiv8XuneEKqM6scqEaKu9xSsTE= > =J/si > -----END PGP SIGNATURE----- >