-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Thus spake Ringo Kamens, on 1/2/2008 8:51 PM: > A new vista service pack just "upgraded" to that "backdoored" random > number algorithm. Suit yourself in believing Microsoft.
I'm not defending Microsoft, I'm just trying to see things from both sides. They're not NECESSARILY adding a back door. The algorithm is included in a standards document - Microsoft added it because some customers will ask for it. SP1 also adds AES-GMAC. Eugene > Comade Ringo Kamens > > On Jan 2, 2008 9:42 PM, Eugene Y. Vasserman < [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>> wrote: > > Thus spake Ringo Kamens, on 1/2/2008 4:17 PM: >> Also, see http://www.schneier.com/essay-198.html >> And yeah, I was talking about the NSA key. > > Personally (and god help me), I believe Microsoft when they say the key > is not a key back door key. If it was, I wonder if they would name it > "NSA". Or is that what they want us to think? :) > The Schneier essay about the random number generator is more > interesting, and worth reading. > > Eugene > >> Comrade Ringo Kamens > >> On Jan 2, 2008 4:24 PM, Nick Mathewson < [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> >> <mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>> wrote: > >> On Wed, Jan 02, 2008 at 02:47:11PM -0600, Eugene Y. Vasserman > wrote: >> > Thus spake Ringo Kamens on Sun, 23 Dec 2007: >> > >> > (snip) >> > > Also, we know the NSA and DoJ have engaged in >> > > this type of activity in the past such as "working" with >> Microsoft to >> > > secure vista and having their private key inserted into > windows >> > > versions so they could decrypt things. >> > >> > I've heard of the Vista bit, but what are you referring to, > as far as >> > having a decryption key for Windows stuff? I know they had > one in... >> > What was it? Lotus Notes? > >> He's probably referring to the "NSAKey" key in NT 4. For more >> information, see >> http://en.wikipedia.org/wiki/Nsakey > >> It's a secondary code-signing key, allegedy to be used if their >> primary code signing key needed to be revoked. > >> If you believe Microsoft, the key was called "_NSAKEY" because > it was >> introduced in order to meet NSA requirements for a secondary key. >> Naming things after the software or organization that requires > them, >> rather than after their actual purpose, is not unusual for > Microsoft: >> Their office XML spec is littered with stuff like the notorious >> AutoSpaceLikeWord95. > >> Personally, I don't believe that contemporary operating > systems are so >> secure that the NSA would rather have security holes > custom-built for >> it instead of just using the ones that are already there. > >> peace, >> -- >> Nick > > > - -- Eugene Y. Vasserman Ph.D. Candidate, University of Minnesota http://www.cs.umn.edu/~eyv/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iFcDBQFHfE9Qb9W6r3tKSVIRCFCkAQCPtuiKxhgKtxW2Id1PWP0eflsijZLfQ0E7 VpMKZkyicgD+KoadZMAVD9D4gVIW6jRb/foF6ep34f+1KxKgygGOtHg= =I1sB -----END PGP SIGNATURE-----