Slashdot Mirror
MS response to NSA key backdoor in Windows
CitizenC writes "Microsoft has responded to the report of the allegations of leaving a backdoor in all of its products for the NSA. "
← Back to Stories (view on slashdot.org)
← Back to Stories (view on slashdot.org)
Your logic is circular. In one statement you question their ability to keep the key secure, then in the next you advocate allowing copying of the key. Which do you want? If you allow copies, the key can be compromised. If you don't allow copies, then it can't be (assuming your method of not allowing copies is more secure than just writing "Do not duplicate" on it). Which is it?
Either their explaination is a lie or they're dumber than I thought. Think about it...
If you're worried that you might loose your car keys, do you install a special lock and have two different keys, or do you just have a duplicate key made?
You seem to be confused about the capabilities of this "hole". You seem to think having these keys will give a user root access to the system.
It doesn't.
Microsoft VBScript runtime error '800a000d'
/security/inc/scripts.txt, line 279
Type mismatch: 'CInt'
Great. Enterprise-class reliability, huh?
-----
-----
I tried an internal modem, but it hurt when I walked.
hmm, it sounds to me like they're saying "Yes, the keys exist, but No, M$ isn't going to give it to the NSA."
Does Microsoft have a choice if the NSA requires them to give up a key?
Something still stinks...
numb
Personally, I have no idea, but as to people not believing it...my informal survey says most people really do believe it. Like me they have no way of judging and I think they base they're judgment on the parties involved: MS and US.gov. Neither of whom are trusted anymore.
Considering that it's easy to just hexedit a new key in, that makes little sense. Besides that, you couldn't effectively revoke the old key since a great deal of crypto modules would depend on it, and the users would likely just ignore the 'upgrade'
http://www.microsoft.com/security -->
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
The redundance of the "because we" is indicative of the author having to pause to consider (read 'fabricate') the actual reason that he was going to provide us with here.
Wake Up people!
Why would the NSA need to replace the crypto on a users machine? To introduce a trojan that would send back info to the NSA?
Come on. In order to replace the crypto API they'd need access to the machine somehow in the first place (either by logging in or back orifice or whatever) and if they have that access, they can put a trojan anywhere without the need of a special key.
This key does *NOT* give them access to log into the computer. It simply gives them the capability of replacing the crypto once they've already logged in.
So *WHY* would they need this key to spy on people? Occam's razor would say that people are simply being paranoid, since the explanation would be much more difficult than the reality.
Well, yes, this means that there are two keys that you can use to sign things (and three in Win2k). However, why Microsoft would need more than one is beyond me.. For that reason, I would call it a backdoor. (Not that the normal system appears to be very safe anyway..)
I don't know if the so-called "NSA key" has actually been supplied to the NSA, or even if Microsoft takes much care to look after it. Unfortunately, each key that Microsoft adds will make their operating systems less secure..
If each backup of the key is in eight pieces and in eight different places, there is a backup but stealing the backup is much more difficult. Proper procedures would involve a variety of protections, such as banks with no corporate relationships, vaults of different types, and differing attack types required. For example, a key piece inside a clear jar embedded in plastic hanging from the ceiling of the lobby of Microsoft headquarters would require a different theft method than the key pieces in safety deposit boxes, or the key piece tattooed on a director.
A key can be backed up in ways which make it difficult to reassemble, but the key can still be secure while it is backed up. Particularly if the backups were also encrypted so a piece is even less useful...and the key for the backups does not need as much security as the backups themselves so one does not have to repeat this process ad infinitum.
That said, it is *extremely* doubtful that MS would have allowed this oversight to escape if the key had actually been a 'backdoor'. More likely they are telling the truth in this case. Not as doubtful as you might imagine. Remember that huge reorg that MS went through a couple of months ago? Organizational chaos would be enough to explain the debug symbol leak.
Visiting slashdot is like a trip to the Zoological Gardens, where you can meet other people who share your interests, have some exercise, enjoy nature, etc.
Then there are the monkeys.
Nope. The source will just tell you what we already knew:
To find out why there are two keys we would need to ask the people responsible. The answer to that is not going to be in the source. (Maybe a comment might have the answer to that question, but in my experience things like that generally are not commented.)
Someone later down said that MS must be hiding things if they stripped out the variable names. Well, if I may use hyperbole to make my point, All commercial releases of everything strip out all variable names! The weird thing is that they forgot to on one service pack, not that they did before.
This is really a guess. Microsoft have two CSP validation keys. As they say, they must have at least one to allow their API to meet US export restrictions. If the NSA were to demand a key, with a warrant, they would get one. Now, aren't you glad MS have a key they can give the NSA without compromising their "main" key for future software? (They can use the key they _don't_ give up under warrant in future code, but drop the one they gave up).
Gopher is a common standard! why must all these new-fangled servers use HTML?, Why in my day....
>What if there were no NSA, or FBI? How chaotic would things be, no
>matter how you think of it.
I'd love a world w/o them. How much investigating does the FBI do? None, they're
to busy threatening ppl. Don't fear them? Just wait till it's your turn to be a Branch Davidion, or Randy Weaver.
Animals don't have the FBI or NSA and they exist in harmony, more harmony that us, superior humans do.
Anarchy by its nature leads to order. After a pecking order is established, everything tends to be violence free.
The statement, "Order leads to Chaos, Chaos leads to Order", holds much truth. We in the US have too many laws, this is an example of order leading to chaos. Since there are some many examples of conflicting laws. Your always breaking at least one law, so why not break them all. I say we all replace the "NSA key" and start signing strong into windows, an export it freely.
They can only make an example out of a few of us, if we all export, they'll be too busy processing new cases to ever get us to trial. Much less have jail space for us.
The US Democracy is just a dictatorship with many dictators.
If MS has placed one or more backdoor entrances in Windows, whether for themselves or for NSA, can we really expect them to give a straight answer in public about that is clearly a matter of security?
Of course they deny it. If they acknowledged placing such keys, they would embarass themselves and the NSA (and would then have to concoct some new scheme for the future.)
By definition, public statements regarding security issues are suspect.
--- Bill
But if you overwrite the NSA_KEY with a key of your choosing, you can then insert cryptographic modules signed using *that key* into WinX, and use strong crypto not authorized by MS (ie, outside the US)
Many /.'ers say that one flaw in MS's excuse is that they wouldn't need a second backup key, they could copy the one key. This is wrong! Get it people, MS is showing *correct* behaviour here. The reason is that you would need to copy the key and transport the copy somewhere else. But every transfer of data is potentially insecure! Electronic transmission is insecure (very much so), and moving a floppy disk with the key on it, too (some people have to do this, and they could make a copy, steal/replace the disk, or something else) The first rule of cryptography is: If you transmit data, it is no longer secure! No matter what preperations you take. There is no secure communication channel whatsoever. So the right thing to do is to create two independant keys and never transmit those anywhere. As a side note: Two keys are not less secure than one key. Think about it. If two keys are less secure, we would be terrible insecure with all those public PGP keys on your favourite PGP mirror. The increase in likelihood of breaking one of several keys is not exploitable at all. Marcus Brinkmann
No backdoors? Ok. I get it. back orifice is just making use of security holes in windows which MS wants public.
they don't share keys? heh heh. If the NSA wanted the keys, I really don't think there's anything MS could do about it, even if they don't voluntarily share the keys. either way, NSA has access.
don't like it? better switch to open source...
Any such incorrect security bullitens...
can you point me to one, or are are you delusional, or a troll?
Well, Windows Domain Controllers use password encryption. If you managed to insert a bogus crypto module for that mechanism, you could probably hack into any machine on the network.
That noone on Slashdot actually reads the articles, but just posts their personal rants on the subject at hand.
The ORIGIONAL article DID replace the key, and it had exactly the functionality described, to allow the installation of CSP's
If, at this point, you are wondering what a CSP is, YOU DIDN'T READ THE ARTICLE.
Half the time I wonder if slashdot is populated by trolls.
Just a quick question, sorry if it's been asked before. But what products currently use this criptoAPI right now? Do any of you guys use products that do? Is their a requirement that products that use encryption on NT use it? Would anyone here use a product that relied on this mechinism even if this sort of thing had not come to light? I like NT a lot, but I still don't think that I would have depended on this sort of thing.
Score 3? Funny? 3? For a server having problems?
OK, moderators, I get it. Any server going down must be funny, since you don't have an anti-MS bias. So, the next time anyone's Apache server has problems (less likely, I'll admit), I expect comments on it do be promoted to 3. Otherwise, you've proven the anti-MS bias in your "news."
Believe it or not, some "nerds" don't hate MS.
NSA key or no NSA key, Microsoft and it's customers would want to be worried if the key could be cracked. Could it be done? Perhaps distributed.net style?
I am glad to see that people are waking up and starting to think about their computer vulnerabilities. We are all vulnerable after all.
People take computer security for granted. This leads to overconfidence and a false sense of security. Consumers have been depending way too much on their computer to protect valuable content. The hotmail exploit pointed up the dangers of trusting these Mega email services with plaintext documents, and this latest media blitze is aimed at consumer overconfidence as well IMHO. On the positive side perhaps this will be a deterent to some of the feral script kiddies out there that think they are invulnerable.
As for using a typewriter, there are some authors who use a manual typewriter in a soundproof vault!
The following is a cut-n-paste of MS's response
---
Microsoft VBScript runtime error '800a000d'
Type mismatch: 'CInt'
/security/inc/scripts.txt, line 279
---
I don't know how anyone could argue with THAT.
One is stored in the basement of building 7 at Microsoft, the other is tattoo'd of Bill Gates ass.
But, if one key is compromized, MS can authorize a patch to replace all modules with ones signed by the other key, and remove or replace the compromized key. Assuming the bad guys don't get to you first...
anyone with any sense keeps something as sensitive as a key for 80m machines in a tamperproof hardware device
I would even go further and say that the computer with this key is not only tamper proof, but has no way to get the key in or out of it. Imagine that you have a computer that will cryptographically sign whatever data you send to it over a serial line. It could also be prompted for its public key, and would return this to you, but under no circumstances would it divulge the private key.
This means no backup, no restore. When the system arrives, you plug it in and it uses some internally shielded noise source to generate its key. Any attempt to physically remove this key would result in the system clearing this memory.
JET Program: see Japan, meet intere
I'll buy that. I dislike MS as much as the next guy, but look at the other acronyms they use and how they conflict with other organizations/standards/etc. I had a suspicion of this when the article was first posted. Of course, there IS no way to determine if they're telling the truth or not... :)
-Chris
You need a backup (and I believe that the NSA requires it by law) so that if the first key ("key #1") needs to be revoked, you use the backup key to verify the new "key #1" that you receive.
Frankly, I'm seeing a lot of paranoid posts in this thread without a lot of thinking being done. If Microsoft wanted the NSA to have a backdoor, they could just give them a copy of their own private key -- they wouldn't need to write a special new one.
To put a compromised key on someone's system, you need to get administrator/root access. If someone gets administrator/root access on your box, they could do anything they damn well wanted to anyway, so what's the big deal?
Cheers,
ZicoKnows@hotmail.com
for things you expect to happen, you make them to deal with things you didn't expect.
It wasn't Microsoft's idea to have two keys, it was the NSA's (hence, NSA_KEY)
I would think the NSA have SOME clue in reguards to information security, so any advice they offer is probably a good idea.
I can't think of a reason to have two keys, You didn't think of it, and Microsoft didn't... but the NSA did. for reasons they probably arn't willing to share.
And a followup:
/security/inc/scripts.txt, line 279
/security/bulletins/backdoor.asp
---
The page cannot be displayed
There is a problem with the page you are trying to reach and it cannot be
displayed.
Please try the following:
Click the Refresh button, or try again later.
Open the microsoft.com home page, and then look for links to the
information you
want.
HTTP 500.100 - Internal Server Error - ASP error
Internet Information Services
Technical Information (for support personnel)
Error Type:
Microsoft VBScript runtime (0x800A000D)
Type mismatch: 'CInt'
Browser Type:
Mozilla (X11; I; Linux 2.0.32 i586)
Page:
GET
Time:
Sunday, September 05, 1999, 7:45:07 AM
More information:
Microsoft Support
---
Seriously, anyone got a mirror without all the active server bullshit?
Looks like Word 2000, or whatever the M$ droid used to write that has a few bugs too. (shocking)
;-)
"... been suggested by the government, because we because we don't believe..."
Must be one of the Windows programmers...
Hippies smell.
It has been extensively and convincing argued in this discussion that having two keys is less secure from compromise than having two copies of one key. If you are so concerned with compromise that you do not permit any copy of the one key, then you do not create a second key either. The latter is equally vunerable to physical compromise and twice as vunerable to brute force attack.
But they failed to mention whether it was possible to compromise windows security by replacing the backup key with your own. On the other hand, this is the first document I've ever seen from MS that doesn't contain snippets of propaganda everywhere.
Rather than let the truth get out, the NSA used their backdoor key to get in the take down the MS server....
/security/inc/scripts.txt, line 279
Microsoft VBScript runtime error '800a000d'
Type mismatch: 'CInt'
---
Put Hemos through English 101!
"An armed society is a polite society" -- Robert Heinlein
Linux MAPI Server!
http://www.openone.com/software/MailOne/
(Exchange Migration HOWTO coming soon)
What's the allegation?
The report alleges that a cryptographic key that ships as part of the CryptoAPI architecture is labeled "NSA key" and constitutes a "back door" that could be used by government agencies to start or stop system security services on user's computers.
**Note the above comment made by microsoft is very specific. To specific. Were it refers to start and stop security services is deceptive. Whith the key they may have it may totaly bypass the security. Does any one know this for sure?
Thanks Sherm
We could conclude that they (MS) are telling the truth and we are too suspicious. But then again, maybe not. It has been said that "being paranoid doesn't mean that you're not being followed"...
Possibly, Microsoft can not admit to having installed a backdoor simply because they are required so by law, and/or by a non disclosure agreement.
I know one thing, this smells fishy and just inforces my personal preference for Netscape or even better, open source Mozilla (btw, when will Mozilla finally give us the final gecko)?
--- Hindsight is 20/20, but walking backwards is not the answer.
a) They claim there is a second key so it can be stored at a different physical location for disaster recovery. Why not just make a copy of key #1 for that?
b) If the 'NSAKEY' was really harmless, why did they in previous version remove the symbol for it (but not for the other key)?
Based on this line of reasoning, we could paint the following picture of the hypothesised cooperation between Microsoft and the NSA.
Don't you hope I'm wrong? It's just too sleazy for words.
proof, n. A demonstration that a conclusion is implied by certain premises and axioms.
The "we had to create a backup" approach works with a physical, tangible object, but with something as easily copies as a set of bytes, there is no excuse to create a second key. The first key could have been copied as many times as the first and second keys combined.
P.S. It's draconian for the NSA to limit what you could insert into an existing cryptogroaphy framework... even if that module is developed outside of the US! Pathetic.
P.S.S. I would have named such a key "Checkkey", "BackupKey", or something similar. NSAKey is simply too suggestive to even risk putting into a piece of code.
The original [British] government bill on electronic commerce required a third party to hold a key for any encrypted message - ie key escrow. I recall a certain large software company strongly endorsing the proposals...
.sig here.
No matter what it looks like, there isn't a
No matter what it looks like, there isn't a
If the key is so insecure as to be a major security threat by simply halving the odds, then there's a bigger problem.
It's still well outside the range of anything but astronomical dumb luck to find assuming a sufficiently large keysize.
Hey Microsoft, there's one way you can prevent any further accusations, show us the source! If you have nothing to hide then fork up the source to your accusers and say "check it pal, no back door" or are you afraid of what they might find?
How we know is more important than what we know.
> What grammar issues?
In the sentence "Microsoft does not leave 'back doors' in our products", the word "does" is the third person singular form of the verb "to do", whereas "our" refers to the first person plural.
Well, you did ask.
Registering accounts later than some other chrisb since 1997
What could they say that would make you believe that they are telling the truth?
I believe that, even if they are telling the truth, there is nothing that they could say to make you believe them.
You are currently saying, in effect, that "MS is evil. I know this to be true a priori. It looks like thay have done something sneaky. They deny it, and have presented an explanation. Since they are evil, they must be lying. Therefore, they really did sneak in this bad thing, proving their true evil."
I've even seen some cries of "Show us the source code." Do you really thing that there would be a comment to the effect of "here's the NSA's back door. Don't let the public see this?" And even if:
- There never was such a comment, and
- They released the source code
many of you would claim that they stripped out the incriminating comment.With this kind of logic, of course Microsoft must appear guilty; you've left then no way to prove their innosense. Before you condemn them, ask "have my prejudices left any way in which they could clear themselves?" If the answer is "no," then you're letting emotions cloud your logic.
Utter Shite. Brad
1) Never implied other firms did not put
broad disclaimers on their sites.
2) Specifically noted that it was a
boilerplate disclaimer.
3) Protecting oneself from random litigation
is reasonable. Making assertions about
how one treats customers and then
stating your assertions have no meaning
is simply amusing.
Generated in a hardware tamperproof fortezza like device, that does not allow the key to be extracted, only used. so that the key can never be copied without Microsfts knowledge, because it cannot be copied at all.
While is essential that the key never be lost, it is even MORE important that it never be stolen.
If the key is lost, well... you have to release a service pack with new keys, if it is stolen, the NSA, Commerce Dept. Department of Justice, CIA, Pentagon, FBI, OSI, NRO, etc. etc. will NOT be happy.
This dude is asking for trouble- the topic has nothing to do with linux. I would like to see more of his poems(?)/songs though
One could argue that if someone steals one piece of the key, this person would be able to eliminate all keys that don't have that piece from a brute force atack. To solve this, the key owner could create a simetric key to encript the backup key divide it and store it in pieces with the backup key, by doing this it makes harder for a person who steals one piece of the key to get info about the final key. Only when one steals all the pieces he would have the key to decript the backup key.
Since kripto-keys are basicly random numbers a force brute trying to decript onr piece of it would be useless, since the atacker won't have a way to check if the key is decriptet or not.
--
"take the red pill and you stay in wonderland and I'll show you how deep the rabitt hole goes"
[]'s Victor Bogado da Silva Lins
^[:wq
Bill wrote the Crypto-API.
yeah, sure...
Don't you think he's a little more busy than having he time to write all MS software himself?
s/Unix/VMS/g (I think - my sed's a bit rusty)
--
Cheers
Jon
Cheers
Jon
ONE LAST TIME. symmetric and asymmetric key lengths are totally different beasts! a 512bit asymmetric key being cracked says very little about 128bit symmetric key security. Please learn about cryptography, since you KNOW you can't trust companies or the government about it.
If Microsoft needs to have a different backup key in case the first key is compromised, they could have said: "we have a backup key in case the first key is compromised." But they didn't. Their story as stated is bogus; they could simply have multiple physical copies of the first key (and probably do). Which means they are lying. Which means the truth is more damaging to them than the story that they are telling.
"grammar"
You do realize that it's impossible to write a post criticizing someone else's use of language without misusing language yourself, right?
BWAHAHAHAHAHAHAHAHA! Yeah right. This is so laughable, one wonders why MS even said it. I can just see the NSA knocking at MSs door, armed with warrants and sporting a small amry of US Federal Marshalls, FBI goons, BATF agents, etc., seeking MS's private keys and MS telling them to buzz off. Not in this universe.So long as other crypto keys exist controlled by people not under your control, your crypto cannot be secure.And the gov't always talks about crypto like there is ALWAYS two or more crypto keys in any scheme so why not to let the gov't have one for use with "appropriate court orders"? Bullshit. If I'm going to use a crypto system, I will have all the decryption keys or I won't use it.
Look, ignore the flames, it comes down to the argument. The "disaster recovery" keys scenario makes no sense, two keys are less secure than one duplicated key. Several people have said this, but it should only take one, as there have been no convincing rebuttals. People obviously have various biases, so just keep your eye on the ball (the argument).
Why is it called NSAKEY whynot like WEHATELINUXKEY or something. Besides if the NSA reviews it for compliance, doesnt that mean that they have it?
i just put in
They may have responded like its no big deal, yet if all they said is true, the keys are still there! The CSP's they speak of could have been handled through another method, and surely not as inconspicuous as they are now.
Secondly, how can we know the validity of their arguments? For an example one must merely take a look at BackOrifice.
Once again I feel even more secure staying in my safe Linux environment, I have access to the code and that is great leap above and beyond anything that Microsoft can offer me.
"..a civilized nation will have full gun registration. Our streets safer, our police more efficient, the world will foll
The signatures in CryptoAPI are there because they are LEAGALLY REQUIRED. Microsoft is incorporated in the US, not the Bahamas, Russia, or Netherlands. Microsoft executives would be PROSECUTED if they didn't have those keys (or some other restriction) in Windows. the choices are:
1) Allow any crypto module, and go to prison/fines
2) Allow no crypto modules, and hence, no security
3) Only have a few, non-extensible, non-configurabile cyphers.
4) Restrict the use of crypto to US Govt. approved modules, so that people can use the crypto OF THEIR CHOICE, including THIRD PARTY COMPEDITIVE modules.
Microsoft chose the option that allows YOU the greatest choice, and flexablity, and here you are, bitching and whining!
Actually, I think that having two keys is less secure than one key in two places. A brute force attack has two items to check with every possible key combination as opposed to one. Microsoft's naming of NSAKEY sounds like quite a stretch. As a programmer, I name my variables to represent what they are. My name for the second key would have been very similar to the name of the first. Think about it. If you were Microsoft and you just got caught with your pants down, what story would you come up with? It would sound a lot like the one you just read at Microsoft.
I would think that the signing machine has no network interface, is kept locked up in the security offices, and is password protected at many levels. (BIOS, Boot, Drive, and File)
Far be it from Microsoft to LIE or anything.
"Its not a car. It is merely a steerable metal box with four wheels and an engine, nothing more."
Bowie J. Poag
Bowie J. Poag
But does the Unix programmer's bad sense of humor apply here? It's not Unix that's being programmed...
so i wrote it and submitted.
but submission failed. it failed more than once. to be more precise, i tried 4 times and it failed 4 times. (error: Microsoft VBScript runtime error 'XXXXXXXX')
so i take action based on info from error page: go to another page and fill error report.
error report asked about lots of things but two of them were OS and BROWSER.
i happily fill them with "linux" and "netscape".
error form submission failed too. i tried 3 times.
then i "corrected" those two fields to "windows" and "explorer" and - surprise - error form worked!
after some time some person from MS tech-support contacted me. so i repeated my original reports about errors in their forms.
i received reply: linux is not supported by us
i tried 3 times to make argument that such errors are not related to my machine or browser (only in case theire scripts are handling such info and are handling it with less success - which is again not my fault).
i failed.
what's the point?r ver_eror-server_is_busy-...
maybe the only legitimate and truly meant "response" from microsoft is "runtime_error-we_do_not_support_that-internal_se
hany
I was on the Win95 beta program, and every CD that came had a top-level readme.txt describing the contents of the CD. The very first line of that text had an "it's" for the appropriate "its", as well as a number of other grammatical mistakes and a couple of spelling mistakes. I repeatedly pointed out those mistakes (along with a few bug reports) after every CD I received. And less than half the time I got a reply that said those mistakes were being fixed. CD after CD had the same text and help files with same serious grammar and spelling mistakes, some files with new mistakes. And lo! I received the final beta CD, and there were all the original mistakes in all the same places! If MS hadn't actually taken the few minutes to fix a few errors in some text file, why should I have believed they actually -fixed- the bugs in Win95 code?!
The difference between "it's" and "its" is a serious breach of communication form. We communicate by using an agreed-upon form to turn our ideas into speech, written and verbal. If we don't use that form correctly, we lose the ability to communicate effectively, and our ideas are clouded or lost.
Mr Foobar (who's forgotten his password again)
Like the NSA actually needs a backdoor key to get into a user's computer system! What a joke.
+1 Insightful, -1 Troll. What can I say, I'm an Insightful Troll.
The NSA told them to have two keys, that's why it's called 'NSA_KEY' read the damn articles.
Not a bad response for a holiday weekend.
They responded quickly, without Marketing, PR, etc. review. so this is the first, truest response, when the marketriods get back or tuesday, then you may see some spin.
Washington post had it too, with some slashdot like rantings included.
Can you trust Apple? Redhat? Intel?
You are at the mercy of any vendor that you use.
How do you know Masterlock isn't using a private key to wander into your house?
Or that the phone company isn'tt aping all your calls?
Paranoia becomes a problem when it interferes with a functioning life, get professional help... but then, what to stop the psycologist from messing with your head?
If that were true, then Distributed.net spending years cracking one 64 bit key magically cracks EVERY 64 bit key? I don't hink so. Validation does take time.
http://ntbugtraq.ntad vice.com/default.asp?sid=1&pid=47&aid=52 has a very reasonable outsider's perspective of what this issue is about.
Furthermore, there seems to be some confusion between CSP's and providers of authentication on NT. Assuming the worst possible case (e.g., the NSA can break everything encrypted via CryptoAPI), this has nothing to do with someone subverting LSA or kerberos and logging onto your system and reading or modifying your files.
In other words, you should really only be concerned if you're using the CryptoAPI to encrypt sensitive stuff. If you don't trust the CryptoAPI, then you can always use something unrelated, like PGP. But if your paranoia level is that high, then maybe even PGP has "backdoors" that you're unaware of...
Um, have YOU ever heard of something known as SCOPE? Since the key is the same for EVERYONE, no single warrant would have the power to cover it, unless EVERYONE with Windows (either individually, or by inclusion) were named in the warrant. No judge in his right mind would sign a warrant that broad.
And while we are at it, what possible reason could be cited for the need to have this Key? It's not used to encrypt anything, just to verify the validity of an encription module.
Why choose white shoes?
Is why you shouldn't smoke crack.
.MP3's, software and Movies, maps of military bases, hi-res satillite photos, Plutonium, dead bodies, albino tigers, prostitutes, pandas, true 56k modems, pipe bombs, and blue lights on your car. why don't you complain that Microsoft dosn't provide you those?
Has anyone knowledgeable ever cliams that these keys can nullify your encryption?, all these keys do is validate that a module is allowed by Microsoft, you (or someone else) still need to validate them yourself.
lets play with our imaginations...
lets pretend there are no keys...
lets pretend CDC makes a Crypto module that includes a back door, allowing anyone to read your data. You joe-shmo user unwittingly install this module, and thier data is now unprotected.
now lets go to the real world (don't be afraid, it's not to much worse than he world you live in)..
Someone makes a malicios module, and you unwittingly install it, it won't run. why?, because Microsoft protected you. now You may not want Microsoft to protect you, but then, you can use PGP, Linux, or whatever you want, Joe Shmo, who buys Windows, Deer Hunter, uses AOL, and thinks his CD-ROM drive is a cupholder NEEDS protection for his own good. he can't be bothered to worry about all the little technical issues, he just wants to shoot virtual deer, download porn, and have somewhere to put his beer.
This is all aside from the fact that Microsoft is required by LAW to put those keys there. (or some other restrictive mechanism).
You may not like that law, but there are many things aside from strong crypto that are restricted, like gold bullion, more than $10,000 cash, kiddy porn, crack, pot, and LSD, fully functional sherman tanks, slaves, mobile police scanners, cell phone cloning equipment, 65,536 mhz crystals, pirated
After reading the MSFT disclaimer at
the bottom of their comment on the
alleged backdoor, it is hard to
take anything they say seriously.
For those who didn't read the small
print, here it is:
September 03, 1999: Bulletin Created.
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
Now, this does read like standard lawyer
CYA BS, but when they're telling you to
trust them and following the statement
with an overarching disclaimer...well,
I don't have to be a crypto expert to
know *my* security is best served elsewhere.
"We do not share them with any third party, including the National Security Agency or any other government agency." Who's the Second party? I don't remember getting a copy of the key. Bad grammar, or subtle wordplay?
Why choose white shoes?
They made the first one, the the NSA reviewed it, and told them to add a second one. Who knows more about encryption, You, or the NSA? .. I suppose that depends on how you define 'knows more'. Fortunetly, I consider 'knows more' to mean 'more knowledgable', not 'more of an idiot'.
must be another "de-facto standard"
Somebody get our flag back!
Liars! They've a verifyable history of leaving back doors in their products, one of which led to the arrest of the creator of the Melissa virus. They have a long history of undocumented API's, tweaking their products so that competitor's software won't run and an assortment of back doors designed to track their end users.
With such a bald faced lie so early in their rebuttal, I'm hesitant to believe anything else in the article.
The NSA had them add the second key when them reviewed it.
Yes, that's right, it's for executable code.
But verifying and executing are two very different things. If you don't install it it won't run.
Yes, it is easy to find holes in Windows, but the NSA is not going to rely on *inadvertent* access that could disappear with the next patch. They want to *know* they can get in and not have to constantly shift techniques.
Hmm ... All Microsoft has accomplished with this "response" is to confirm that they are trying to hide something.
The backup key is needed for disaster recovery. To see why, suppose we had only one signing key. If a natural disaster destroyed the building in which it were kept, all of the previously-signed CSPs would continue to function normally, because the key used for verification exists in every copy of Windows. However, Microsoft would need to sign future CSPs using a new key. In order for these CSPs to be verified, matching key material would need to be provided to all of the millions of customers using Windows 95, 98 and Windows NT. Clearly, this would be a massive undertaking.
I'd be laughing, because this is so ridiculous on its face, but being lied to doesn't really strike me as that funny.
This makes no sense. Is the cryptographic development team at Microsoft so stupid as to not understand how computer data is backed up? I suspect not.
I mean, I have a key to my front door. I might lose that key, but even if I did, I wouldn't be locked out of my house, because I made a copy of the key and I keep it locked up at work. The Microsoft "explanation" is like my installing a SECOND DOOR on my house, with a completely different key, in case I lose the key to the first door.
Microsoft's statement implies that Microsoft has exactly one copy of the key, and either will not or cannot make a backup. Never mind a "natural disaster" destroying the building, how about a disk crash? Electrical storm? According to Microsoft, there is something special about this EXTREMELY important little piece of data that prevents it from being backed up and stored offsite.
In this case, the Microsoft statement should raise alarm bells -- Just how much MORE of the Windows source code exists in an un-backed up format, and what does this imply about Microsoft's ability to continue cryptographic support for their customers?
Or it could just be that they're lying through their teeth, and hoping that the point will slide.
Of course, no one outside of Microsoft, and presumably the NSA, knows what OTHER secrets are buried in the massive Microsoft binaries, and whether or not any other parts of Windows use that "NSA Key" or not.
My advice would be to only use Windows or any other Microsoft product under the assumption that it has been compromised by the NSA from the inside .
is this quote: "Sun has had run-ins with the NSA in the past. Two years ago, the NSA objected to Sun including encryption in the exportable version of Java 1.1. The end result was that Sun stripped encryption out of Java 1.1 and the software was delayed by about six months."
I remember this delay, and I don't remember Sun ever mentioning it was due to NSA related issues... which is fine, but what I do remember is that MS drug them through the mud over the delay!
Now, considering how everyone in the these circles usually knows what's happening to everyone else involved, I would say that it's a good bet that MS knew the real reason behind this delay, and knew that Sun wouldn't say anything, and took the opportunity to kick an opponent when he's down (not like they don't always do this), but somehow this BS from MS, never ceases to amaze me...
Sigh and yawn...
Maybe the key was labeled deliberately that way by an m$ programmer, so that it eventuelly would be discovered and cause outrage? If that is the case, then I have alot of respect for that guy. At least someone standing up against US government control freaks.
Isn't Eschelon suposed to be doing industrial/economic spying for American businesses? The sort of arrangement you describe would fit in nicely to that scheme. Of course the compelling interest of Microsoft to obey the NSA might just be pictures of Bill Gates' micro-softy, or access to old-boy's networks at the DOJ and Federal Court system.
This is used to verify such things as Active-X and Java applets I believe. So now the NSA can sign things and you will run them. For the NSA to do a hidden redirect when you go asurfin would be pretty easy for them, I bet. Hence, it is a backdoor. It is a bypass of the security model (which, unfortunately, in based on the premise that you trust MS. Probably, you don't, but the NSA doesn't either.)
Ever hear of offsite backups? Or commerical key escrow? Or n of m data splitting techniques?
Either (1) this is an outright lie, or (2) Micro$oft doesn't know how to manage critical data. (And that's not an exclusive or.)
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
The first thing that occurred to me (and others in this thread) was that you need only make copies of the key to safeguard against its loss.
Does it really seem likely that Microsoft has only one copy of a key on which their software depends? Not bloody likely. There must be redundant backups. Furthermore the key is probably not stored exclusively in some super-secret place; they need it to generate new builds, a process done on a daily basis. That means that the release engineering team has access to it and you can bet that they're not walking over to some ultra-secret building with the build bits every day.
It makes sense to have a developer key (though it should really only be used in internal builds), but the only way it makes sense to have a second production key is if it belongs to a second party. There is no additional security provided by having a second key that wouldn't be provided by having backup copies of the first key. In fact, it's more secure since two keys gives you twice the targets in a brute-force search for the private key.
So: I think we can take Microsoft's response as being pure bullshit. So why is the key really there?
Consider this new evidence in light of the recent request by the DOJ for the rights to surreptitiously monitor your computer system given a sealed warrant. Well, that key would make it a hell of a lot easier to insert evesdropping hooks, wouldn't it?
Now, aside from not being all that keen on companies selling my personal information all the time I'm not much in the way of a privacy nut. If they want to monitor my system, hey, it's their time and energy to waste. But don't ask me to believe bullshit "backup key" arguments. It ain't so, and you're insulting me by suggesting it is.
That key is there at the request of the US government, you can bet your last dollar on that. It gives them the ability to drop in a bug that can monitor any data manipulated via the crypto API. This is a better technological solution than key-escrow.
Now here's the way you can use this in your favor: build a software package that checks the signature of the crypto API against the different keys. If you have one that verifies against the so-named NSA key then you're not using the stock Microsoft package anymore. And wouldn't that be interesting?
jim frost
jimf@frostbytes.com
On the other hand, there are plenty of easter eggs (up to entire litte game engines) inside the code for M$ products. This shows that it is possible for the M$ developers to hide significant portions of code from their management. So there is no technical but rather an ethical restriction on how malicious hidden code inside Windows can be.
Ergo, if there's enough really pissed developers who gather and introduce a backdoor into Windows, it could be possible.
Hey, wouldn't that be something? Let yourself be hired by Microsoft, gather the illoyal employees around you and ruin the product!
Yes, you are right there. -- Another glass of champagne?
The FBI wants capacity to be able to tap 1% of domestic calls simultaneously.
European gov't complains about (and reveals the existance of) Echelon - a keyword scanning station.
In marrying those two, you end up with very impressive domestic surveilance capabilities. Agents no longer need to actually "listen" in on phonecalls that may or may not be deemed suspicious, as Echelon can monitor telephone, fax, email, etc... Probably merge all those results together and give a very detailed account of people, based on their insecure communications.
They must have posted this so quickly that the couldn't even have it proofread... Nervous? Probably...
AND DO WHAT WITH IT? You people are a bunch of paranoid loonies. The key will only allow ADDITIONAL encryption modules be installed. It cannot break any existing encryption. P.S. I saw the president posted something on USENET the other day. It had president@whitehouse.gov in the From: field so it must be from him....
Incompentence is always credible from MS.
Something just occured to me. Regardless of whether MS uses hardware or software encryption, it's possible to use the threshold problem to break a secret into multiple N pieces where any M are sufficient to reconstruct the key, but M-1 are not. (Not all hardware signers have this ability, but IIRC some do and it's a prudent precaution.)
That means that MS could take their primary key, apply a (7,4) algorithm on it, then put the pieces in a safe deposit box in Seattle, New York, LA, Boston, Atlanta, Denver, and Calgary. Any four pieces are enough to reconstruct their private key.
If four of those keys are unavailable at the same time, then Microsoft losing its private key will be among the least of our problems. No pair of cities, except Boston & NY, are within 1000 miles of the others so only an "extinction level event" would take them all out at the same time.
Conclusion: MS is blowing smoke. Either they're totally incompetent, they're lying, or they have a profound breakdown in internal communications. (The same options apply to the "advanced web programming" (HTML forms) comment regarding the hotmail fiasco.)
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
Two keys are *less* secure than one. Are they "significantly" less secure, i.e., does a factor of 2 matter that much? Probably not. However, the fact is that Microsoft's solution is less secure than the one obvious to every bimbo - back up - so their story is not credible. Even a justification neutral to compromise would be questionable, since this approach can, and in fact did, open a hole in the architecture, but one that is more vunerable to compromise, even if by a "mere" factor of 2, doesn't fly at all.
You need a backup (and I believe that the NSA requires it by law) so that if the first key ("key #1") needs to be revoked, you use the backup key to verify the new "key #1" that you receive.
I can see why Microsoft would want to do this, so they don't have to spend millions on a worldwide upgrade of all windows systems (like the Pentium bug), but why would this be required by law? There is no element of "national security" of any interest to the NSA in this, unless there's something Microsoft is not telling us.
We probably found something, but it isn't what we think it is, so Microsoft is trying to create a diversion so put us off track by pretending the key is only used for CryptAPI, when really it is being used for other things as well. Someone should really see what else this key can be used for.
--------
"I already have all the latest software."
But if they're going to rely on a patch, there's no reason to have the second key there *now*. The patch could overwrite the old key with the new one. There is the problem of what about all the old legitimately signed stuff, but the second key does not address this problem. Besides, the reason they gave for the second key was to avoid the pain-in-the-ass to customers (like they care) of a patch in the first place.
you said: "And then we finally arrive at the crux of the entire matter. There shouldn't be ANY built in keys for any reason. .." Thats silly. You ovbiously don't understand how this technology works at all. Without a key to verify the source of the crypto code, there could be no security whatsoever.
As I posted elsewhere, yes, MS is full of holes, but the NSA is not going to rely on inadvertent access that could disappear with the next patch. They want to *know* they could get in.
I've got my very own stalker! I finally hit the big-time, ma!
Cheers,
ZicoKnows@hotmail.com
You have no concept of the problem here. A more appropriate analogy would be a Distributed.net cracking one 32 bit key. Every key has nothing to do with it.
These MS-signed crypto modules run as the super-user (as every MS component does). These modules could contain any code at all.
I could write a module that, when fncDo_crypt function is called, spawns a (hidden) remote-access server that allows me to control the computer, access files, etc. If MS (or the NSA) signs it, I have access to everyone's computers (and I can flag the most sensitive data - the stuff that was supposed to get encrypted).
Don't trust MS crypto, nor even PGP (it's proprietary, though I guess it's better than MS-CruftAPI), but only OSI-Certified OSS alternatives, such as GnuPG.
'Nuff Said.
--------
"I already have all the latest software."
It's a sad day when the people who have a security model premised on your trusting them can excuse any possible wrongdoing by credibly claiming incompetence.
You're really stretching. Even at MS, PHB's are not quite as dumb or omnipotent as in Dilbert. Occam's razor would say call it an NSA security hole instead of postulating this entire purely speculative narrative of incompetence.
my first reaction was I'm glad I'm not running
any version of Windows as my primary home OS.
No matter what MS say, how will anyone know for sure whether what they say is true or not? The only OS you can truly trust is one that gives you its source code...
This is an excerpt from a summa ry of the internet auditing project.
Friday, our Japanese participants discover that a computer on their company network has been cracked into, one very secure Linux box running only SSH and Apache 1.3.4. Now this would definitely send a chill up your spine if you knew just how fanatic our friends are when it comes to network security. Furthermore, they only detected the intrusion three days after the fact, which is unbelievable when you consider the insane monitoring levels they've been keeping since they agreed to participate in the scan. They would have noticed any funny stuff, and in fact, they did, lots of it, but none of which came close enough to a security breach to raise any alarms.
[..]
The attacker knows the employee's username and password and is even connecting through the employee's Japanese ISP on the employee's account! (the phone company identified this was an untraceable overseas caller)
This information could not have been sniffed, since network services are only provided over encrypted SSH sessions.
Further investigation shows that this employee's personal NT box, connected over a dynamic dailup connection, had been cracked into 4 days earlier.
[..]
How the NT box was cracked into in the first place is still a mystery. The logs weren't helpful (surprise! surprise!) and the only way we were even able to confirm this had happened was by putting a sniff on the NT's traffic (following a hunch) and catching those sneaky packets redhanded, transmitting our SSH identification down under.
Hmmm...
The best evidence is: is what MS says reasonable? As many other posters have pointed out, this "backup key" business is actually *less secure* than replicating the one key.
Any chance to jump on the 'bill gates is evil' bandwagon eh? How about all the problems with crontab and ftpd's that are popping up every day? But no, we find out that instead of just one key, they have two, and one might be held by the NSA everyone goes into bash-microsoft mode, making up stupid claims like that this is a 'backdoor' or the like. First of all, what do you matter anyways? MS has to write up a nice little response and obviously they are going to say exaclty what they said, you would too. It's unfortunate that the response wasn't proof read a few more times so the 20 people who think that grammar is really the issue at hand here wouldn't have had anything to bitch about. Anyways, grow up children, Microsoft is obviously doing something right. It's trivial to exploit all these silly little linux bugs that keep popping up, is it that easy to exploit this new NSAKey 'backdoor' or whatever you wanna call it? So who's making the insecure software anyways? S4t4n was here
The argument used by MS is of no value: they have two keys. If a disaster happens in the building where the keys are kept, they would both be destroyed, so the problem of delivering a new key to all previous users remains. Why don't they keep a backup of only one key in two (or more) buildings, which covers the problem! For this reason (I don't believe that in a big company like MS there is nobody thinking of something as simple as this!). So I really think this NSAKey is really ment for Big Brother watching you and everybody using MS-Windows. Go Linux!
The whole issue of whether or not the NSA has a backdoor into CryptoAPI is moot, frankly. What's being missed here is that the system allows *arbitrary replacement* of the backup key, which would allow *any arbitrary CSP* to be installed on for system use *without user intervention or knowledge*.
How long before we see a trojaned CAPI with an installer that replaces the backup key? While there is potential for abuse by law enforcement, there is also *significant* risk of key compromise by third parties as well.
Where would you like your keys to go today?
-- Cerebus
I am not compleatly sure how MS Crypto works, so I am asking this not as flame bait. Is MS saying in this press release that the goverment dose not have keys ("Back doors"), but MS dose? Someone please clairfy this. Thanks
pronounced "GRA-mer"
--------
"I already have all the latest software."
I guess their explaination could be true, but I would still feel a bit nervous about using Windows after reading this. Fortunately this issue doesn't concern me. :-)
TedC
This is simply unrealistic. You are arguing that simply having backups makes data insecure, regardless of where the backups are stored. Granted the key is only secure as the weakest link (or backup), but multiple copies are needed in this case. Its evident you've been watching movies a bit too much. Redundancy is needed in the world, no matter how secure/protected you think one site is.
This even isn't worth arguing since this key isn't just a use once signature. Any new cyrpto packages approved by Microsoft has to be signed, meaning that somebody (or some group) has this key and is using it on a semi-regular basis. With Microsoft I doubt this person walks into the basement with retna scanners, multiple ID checks, and armed guards. Instead they login to the corporate NT domain server to access it.
Encrypt their key, send it. The API would have to be compromised in the first place to get the key, then once THEY decrypt the message & get the key, THEY have no additional info since THEY've already compromised the CryptoAPI.
Simple, no?
As for your assertion that any transmitted data is insecure, there are always tradeoffs made. Military plans don't gather dust during a war--they burn their OTP. This key should be no different. Keeping one key w/ no backup is reckless & irresponsible.
What you seem to be missing is that the NSA Key is not protected. Any program can replace it.
:)
So much for having to crack a private key. ("Not fair! You cheated!")
"We do not share them with any third party, including the National Security Agency or any other government agency."
One would be deluding one's self if it were thought that Microsoft doesn't have senior level programmers, product managers, etc., on the payroll of the NSA. Microsoft is too big and too important for that not to be the case. Similar things occur in places like GE and Boeing (for perhaps more obvious reasons), and you can bet that MS is in the same boat.
That said, it is *extremely* doubtful that MS would have allowed this oversight to escape if the key had actually been a 'backdoor'. More likely they are telling the truth in this case.
check out:
http://www.counterpane.com/nsakey.html
Which part of "Active-X" and "Java applets" didn't you understand? These execute automatically on web pages and can also be sent in e-mail. There is no installation required.
Now here we have a company whose entire history in respect to its security has been a joke. Their idea of secure has been to use a simple hash to hide user's passwords. And then comes out this piece about the back door and people are genuinly surprised, come on!
You don't think M$ has a little hidden entrance for itself on top of that? I know it may seem a bit conspiratorial but you have to take into consideration the mindset of this company, basically absolutely ruthless. They'll do anything they have to in order to get ahead of the game, including in this case selling out their customer's security options just so they can sell overseas..
Now I realize I use M$ products for the time being but their policies I do not agree with at all. As for this hype, ask yourself are you genuinely surpised to find that it exists? This person isn't.
toufic
The key will only allow ADDITIONAL encryption modules be installed.
That is incorrect. Please read the articles again.
They are, however, prohibited from providing "hooks" wherein such cryto could be incorporated into their systems. I always found this idea legally and technically ambiguous, but that's how it is - for Netscape, Oracle, and the rest, too.
Can somebody explain to me why the primary key couldn't be stored in more than one place? Crytographically, having one key stored in two places is no less secure than having two keys, each stored in one place.
Hands up everybody who believes Microsoft's explanation? Nobody? No, I didn't think so.
The next Cmdr Taco duplicate will be ready soon, but subscribers can beat the rush and see it early!
Since noone seems to have really mentioned it, I felt I should point it out.
Everyone seems to be focusing on Microsoft, but anyone who has read a Tom Clancy novel knows that the NSA will tell MS to lie about it until the day the company goes bankrupt.
If the NSA says it is a matter of national security, then MS will deny any thoughts of ever considering an NSA back door, whether it is there or not. You could have 12 memos from MS VP's and 5 from the NSA that discuss standards for the NSA key and encryption algorithms, but MS would deny it till their servers are cracked and brought down, then go on denying the problem.
It isn't really MS's fault. They probably don't have a choice.
Why do you think open source advocates are painted in such a poor light. Someody out there wants open source advocates to look like extremists and conspiracy hunters. If you want people to believe your story, discredit your opponents.
I doubt MS let the NSA have a back door just becase they thought it would be fun. Chances are someone told somebody else to do it. MS is just the pawn here.
--"Cynical?? Who's cynical???" -k-
Of course! And just to make sure that there is adequate "natural disaster" protection what better place to keep this valuable asset protected from Redmond sliding into the ocean than Fort Mead Maryland.
What a PATHETIC answer!
Then again maybe they have seen the writing on the wall and the whole MicroSmurf campus will be swallowed whole. But everyone can rest easy because NSAKEY will be safe!
that this is M$'s version of
Try going into lynx "O"ptions, "User (A)gent" and
typing "Mozilla 4.0 (compatible; MSIE 4.0/Win95)".
Mirabile dictu, it works!
The workaround for Netscape on Linux is left as
an exercise for the reader.
Microsoft says they do not leave back doors in their products. Windows 95 Registration wizard anyone, anyone?
Come on! No back doors there.
My reading of this is; it may be true, it may be false, but it doesn't matter, because the first thought of anybody reading the story is, "boy oh boy, isn't that just like Microsoft"! If you think of Microsoft's history, their corporate culture, the performance of their VP's in the DOJ trial, everything about the story fits dead bang on, whether it's true or not.
It is like the definition of mythology (I have forgotten the source), which is, "Mythology is that which is truer than true".
Like mythology, this whole affair seems to be taking on a life of its own.
P.S. If you are a Microsoft shareholder, be very much afraid!
Sorry, you're wrong.
Without getting into the discussion about the NSA, the NSA can review the program without seeing the key. Look at PGP and GNUPG, the software is available, you can look at the software, but you can't crack my private key.
-- Error: Cannot find file REALITY.SYS - Universe halted, please reboot!
He is the REAL Evil force at microsoft.
In an interview, he was asked, "Are you a `gadget guy'??" He responded (with disgusted look) Absolutely not.
When asked "Do you have a computer in your bedroom?" he responded, once again disgustedly, No, i don't.
I think it would be a safe bet to assume that he is evil, as well as stupid, and the REAL person running Microsoft.
Opinionated Law Student Strikes Again!
This IS A BACKDOOR. The "signing" is question is not exclusively of documents, but of executable code modules like Active-X and Java applets. For someone like the NSA to intercept your HTTP traffic and install a hostile applet would be trivial. They are already monitoring your phone (search for ECHELON), so they could probably do an intercept between you and your ISP if they wanted (pre-empting arguments about dynamic IP addressing, not that those arguments those are strong anyway).
-- in terms of the NSA being able to break longer RSA keys, I think it's worth mentioning that 1024-bit RSA is not 2 times as difficult to break as 512-bit, but rather 2^512 times as difficult! 2^512 is..well..a pretty big number :) My feeling is that 1024 bits, and certainly anything significantly longer, will be ok for now, at least until someone gets a quantum computer working (which is probably a quicker attack method than brute-forcing it with current computers) Daniel
There is a disclaimer at the bottom of the page that says that information is as is without warranties of any kind.
Does this mean that any information on that page doesn't really mean anything at all?
There are no stated or implied warranties on the above.
Microsoft is obviously going to lie about having a backdoor if it is a back door. There is a problem though why would the NSA need Microsoft to backdoor their product. Windows security is legendary in terms of openness (sarcasm). This does not seem the style of the NSA (well I don't know the style of the NSA), but this is silly. It is so silly I lean towards believeing the NSA has nothing to do with it.
Which part of "Active-X" and "Java applets" didn't you understand? These execute automatically on web pages and can also be sent in e-mail. There is no installation required.
Not if you disable activex and java applets in IE. Java is sandboxed anyway, and activex uses a trust scheme. If it's unsigned - don't allow it to run.
Even though you may have no control over it, it would seem likely that there is some undocumented way to determine which key is being used. Having two utterly indistinguisable keys is just too stupid, if not for MS, than for the NSA who's (at least) approving this mess. The NSA is going to want to be able to distinguish between their applets and legitimate MS ones. Possibly, they will sometimes want to blur the distinction - they may have the MS key too - but not always.
... by simply creating some message and signing it with the secret backup key. Anyone can then verify with the public backup key that MS is indeed in possession of the key, and not the NSA. Of course, this doesn't prevent the NSA from having the key, but at least it would make MS' story a lot more believable.
I can't comment on whether CrytAPI really can be used as a hole (nothing I've seen, aside from ranting here, indicates it but I don't use Windows and haven't bothered about it much) However, even if this is true it is NOT true that 'everyone' could exploit this. The key in question is a public key. The private key is held by an unknown party (either MS or the NSA, I suspect MS -- don't blame conspiracy for what incompetence can explain etc) and THIS is what will be needed for anyone to exploit the alleged hole -- if you can crack the key, say, before the next Ice Age I will be duly impressed. Daniel
Wait a minute... you mean OSS really stands for Open Source Software??
Damn.. I was sure that Microsloth was breaking into the OSS software environment with their new Open Security System...
Come one... *ANY* crypto algorithm with a backdoor is inherently insecure. If I want my files to be secure, then I want them to be readable/accessable only by *ME*. If I send you Public-Key encrypted email, I want only *YOU* to be able to read it with your private key... Nothing said I wanted it to be *YOU* and *Microsloth*... and whoever they deem should have their special back-door key.
And who here really trusts Microsloth anyways?
Are there two keys?
Yes. However, both are Microsoft keys. We do not share them with any third party, including the National Security Agency or any other government agency.
Did anyone else notice the present tense used in this statement? "We do not share"? Not "we did not share" or "we have never shared..."
However, Microsoft holds these keys and does not share them with anyone, including the NSA.
Hmmm, same thing again. I wonder if MS is leaving itself a verbal out in case it is ever caught having once divulged the keys to the NSA. "At the time that statement was made, it was literally true." The old politian's art of deceiving without lying.
Or perhaps I'm just paranoid.
Oh yeah, I am.
--LinuxParanoid
P.S. Further verbal obfuscation could be exploited by not specifying whether one was talking about the public key or the private key. Hmm, MS doesn't make that distinction in its written statement either.
P.P.S. These statements are observations, not a conspiracy theory!
Am I the only one who noticed a few grammer errors in the response? I wonder who approved the text. . . MS is not that sloppy with what they put out. Wonder who wrote it?
Hmm, you're right. So unlike Redhat's legal page, which includes such tidbits as...
Disclaimer of Warranty UNLESS OTHERWISE EXPLICITY STATED, THE MATERIALS ON THE WEBSITE ARE PROVIDED "AS IS". ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. RED HAT MAKES NO REPRESENTATIONS, WARRANTIES, OR GUARANTIES AS TO THE QUALITY, SUITABILITY, TRUTH, ACCURACY OR COMPLETENESS OF ANY OF THE MATERIALS CONTAINED ON THE WEBSITE. ANY QUESTIONS REGARDING THE MATERIALS SHOULD BE DIRECTED TO THE PROVIDERS OF SUCH MATERIALS.
I'm sure that I could find something similar at Caldera et alius. I'll leave that as an exercise for the reader.
"Let he who is without sin, yadda yadda yadda..." - Some guy.
I seem to remember reading somewhere about how people could look at the type on a piece of paper and decide which make of typewriter generated it. Too bad if it was a rare one... :)
The original article made no sense to me. This was an attempt by the overreactive anti-Microsoft community to bring out yet another security flaw. Not that there aren't plenty already. The original article needed much more substantiation before it was brought to the press.
:)
Frankly, I mistrust the freely available download to patch the bug more than I mistrust Microsoft's response. What a great way to fool people into downloading a virus: Call it patch!
Ofcourse it is true: MS does have a back door in Windows, it's called "ActiveX" or "Microsoft Office"
I'd like to point out two things regarding prior posts (which will quickly become lost in the sea of posts that follows my own.)
1) The key doesn't give access to your computer. It lets whoever has the key get access to your files IF they can get a program onto your computer (e.g. you're stupid and download something from a noname site.) THis is pretty rare, though, and a more likely scenario would be that the FBI arrests you for hacking and has a warrant to search your computer. (By the way, did you know that you're required to help them to gain access to your computer if they have a warrant? The USA is great.)
2) The NSA and other elusive government agencies already do bargain with companies and individuals. Since the NSA has a tough time duping good mathematicians, linguists, and programmers into signing away years of their life under a prohibitive contract, they often (or at least used to) call upon university professors (after following them around for a few weeks). If you need a good Cornish translator, what else can you do? I would assume they also make deals with various companies. Although they never do anything blatantly illegal, few employees like their practices, which is why they have such a hard time keeping them.
Sure, critisizing MS typos is a +1, but critisizing typos is usually a 0, at best. Nice objective journalism, kiddies. Does Andover know what agenda they bought?
Microsoft states that export controls are not affected. Yet I have heard several say that the NSAkey could be replaced by your own, thereby easily allowing strong crypto modules to be loaded by foreign customers of Windows. Who is wrong here?
Presuming the above to be true, and that it will be fixed in the next release, could this provide another disincentive for upgrade?
Don't you think the NSA might be a little pissed at MS for being dragged into this by a stupid mistake on their part? Not to mention the possible problem with strong encryption control.
Isn't it true that having two valid keys reduces the security of the keys against random guessing by a factor of two? Even if this is not terribly significant shouldn't it be something MS discloses to its customers?
Jim
I think its time to see if MS is lying. If the two keys are the exact same then I should get a smile on my face. If they differ then I'm unhappy.
Am I able to create my own signed package for the cryptoAPI?? If not, then I suggest that the RC5 teams around the world stop what they are doing and crack those two keys.
I don't think MS should have the right to decide what crypto is appropriate for the API. What if I wanted to make my own crypt system on NT4? I wouldn't be able too unless them RC5'ers get their act together and crack the two keys.
-Diz
It isn't a lie if you belive it.
Yes, Active-X uses a trust scheme - specifically that you trust MS (hah!) and their relatively public certification process. This security model has problems anyway, but that is the model. The second key provides a way around that model (no one said you had to trust the NSA). Hence, it is a BACKDOOR. Get it, now?
It can, however, validate code modules that fail to be validated by the first key.
From what I read of the response, it just gave Microsoft access, and they didn't give it out to third parties, including the gov't.
If I ran an NT server, I'd sure be happy that all the gooey goodness that is Mircosoft can go in and see if everything is ok, check on security updates, and get all the private information about my company so they can serve us better.
Ok, enough with the sarcasim (^_^), but this was just discovered and has been there since the begining. Makes you wonder all the stuff that's in NT that just hasn't been discovered yet.
http://ntbugtraq.ntad vice.com/default.asp?sid=1&pid=47&aid=52
seems to shed some good light on the subject. This find may be a good thing, allowing people to insert domestic crypto CSPs in export copies of windoze. In any case, as bad as M$ is, I'd check this one out thoroughly before passing judgement.
-moibus http://moibus.jfm.net/
Here's a thought, who's to say M$ didn't release the clue in the first case on purpose? After all they exactly friends with the goverment at the moment. Sure this would look bad on M$ but in the long run it certainly make you think about who has control over your machine.
Don't believe anything that Gates says.
Of course they've left a backdoor open for the government; it's all part of their negotiations with the DOJ: They've been given the green light to secure a monopoly so long as the government is allowed to access each and every computer that has installed Windows.
It's so painfully obvious that it pisses me off when people try to refute it. The government is *counting* on your passivity!
Why the backup key labeled NSA key?
This is simply an unfortunate name. The NSA performs the technical review for all US cryptographic export requests. The keys in question are the ones that allow us to ensure compliance with the NSA's technical review. Therefore, they came to known within Microsoft as the NSA keys, and this name was included in the symbol information for one of the keys. However, Microsoft holds these keys and does not share them with anyone, including the NSA.
Sounds like Orwellian double-speak to me. Up is down. In is out. NSA key is not for the NSA. Maybe Bill Gates' minions are taking disinformation lessons from the MIB of the NSA?
Where are Mulder and Sculley when you really need them...
A man who wants nothing is invincible
From the M$ article:
/incredibly/ short memory...
"Is the allegation true?
No. Microsoft does not leave "back doors" in our products. This is in keeping with our historical stance on this issue. For instance, we have opposed the various key escrow proposals that have been suggested by the government, because we because we don't believe they are in the best interests of consumers or the industry.
Remember Outlook Express? Remember the key escrow in that? Clearly M$ have an
true. pkzip has a back door on it's encryption courtesy of the nsa
Primary private keys don't get copied. They are P-R-I-V-A-T-E.
:)) And no copies exist. Making copies makes it no longer secure.
Example: The US govt stores private keys for on ONE computer, somewhere obscure, which has laser alarms, guards, etc. They even has computers where if someone touches them, they self erase to protect private keys!
Supposing MS is concerned about their keys, they would store those keys in one place, securely (probably on a Linux machine
A better idea is to make a second, entirely different key, that the NSA or some other trustable organization can store.
1. They claim the key is for backup. They would keep multiple key copies. They have buildings worldwide. They do not need two keys, especially when the dual key setup compromises the architecture 2. The second key is there as part of their export compliance. Im sure this is true. Im also sure that the NSA are behind the requirement and own they key in question. Why would the NSA want a key. Simple. To distribute trojaned crypto to third parties with no risk of microsoft being awkward or even knowing. There have been repeated cases of US crypto abuse like this. Be worried. Im sure the NSA -forced- Microsoft into this. So be damned sure they forced lotus, netscape and other people too. Stick to safe open sourced crypto. Non USA crypto is likely to be trojaned by other governments too. And blame the NSA not MS
Active-X's trust schema is the very thing this key circumvents. The trust is based on the assertions about A-X controls:
1. Everything from MS is 'good', and will work as advertised
2. Everything signed with an MS key must be from MS
The problem is latter... in this case, a parallel key was generated and (allegedly) given to the NSA to use, which could create whatever code it wanted for a user's machine. The stuff, having been signed by an authorized key (ie: from MS) would be immediately accepted upon receipt, in most cases completely transparent to the user. Further konspirasii theory suggests that there may well be hidden ways to 'inject' such code fiddlybits into people's machines with little or no warning or visible effect (say, a TCP/UDP port left open and listening).
This is typical Microsoft double speak. The article flatly states that Microsoft doesn't put any back doors into their software, but then it says that Microsoft has inserted two decryption keys into all versions of Windows that will allow them access to any Windows computer.
Their explanation is laughable: The second key is a backup in case the first one is destroyed through some kind of natural disaster. They give the impression that they keep the single existing copy of the first key locked up in a vault somewhere when we can be reasonably sure the key exists in multiple forms scattered throughout many locations and computers, and on countless backup devices.
Then they claim that the second key is named NSAKey by an unfortunate coincidence, but that it has nothing to do with our beloved "let's suppress the masses" agency. They go even further to say that the NSA does not have a key (suggesting that MS would not give the NSA a key). All it takes is for the NSA to demand it from MS (assuming you believe they don't already have it) and MS will pee its pants from the effort of complying.
And then we finally arrive at the crux of the entire matter. There shouldn't be ANY built in keys for any reason. Not only does every MS document created with MS-Office clearly identify the author, but now MS (and by extension, any government agency) has a built in back door to nullify any type of security dependant on the cryptographic API. Who knows what other security and privacy breaches are built in. There just doesn't seem to be any safe haven from Uncle Borg and co.
What I can say about it is that, for higher security, you don't usually make copies of the private key, even if possible. I won't enter the details of it, but put simply: how much would you trust a key that you can make copies of?
More to it: in high end security solutions the key is held in hardware, be it a smartcard or a more complex CA card or box. This pieces of hardware are initialized and they keep the key in such a way that is, virtually, impossible to copy out of it.
The bugger being: you loose the card, you loose the key. I even understand the double key, giving them a backup plan in case the first key is lost, and I see nothing wrong with it.
There is a problem in all this, and Microsoft didn't answer that bit, the most important bit of the issue: if it's so easy to change one of the trusted keys, as the original article showed, how can we trust the crypto units "certified" by Microsoft?
An scenario could be the following: Eve wants to see what's going on between Bill and Laura, ships to them bot a piece of software "signed by Microsoft", this piece of software, during the installation, changes the backup key to a key known by Eve, and installs the evil CAPI that makes a copy of all the communication going on between Bill and Laura, encrypts it with the public key of EVE and sends it to her.
Do you see the hole?
A smile,
Fabio
It is me, none else but me. And who would you be?
> Even if this were a real issue no one would believe it.
I would have said, "Even if MS is telling the truth (for a change), no one would believe it."
> People (mostly the Linux community) have cried wolf way to many times.
Heh. MS cries "wolf" regularly in the form of vaporware announcements, and a few people still seem to believe them.
> At this point everyone just assumes you are lying in order to promote your agenda.
I'm not so sure the story started among Linux advocates, and I know Linux advocates aren't the only ones raising the alarm.
And besides, what kind of agenda are we supposed to expect from Microsoft? They'd give use the same denial whether they were guilty or not. Their disclaimer proves nothing. Being utterly predictable, it was information-free.
If they do happen to be in the right (for a change), it would be no more than poetic justice to have them suffer a customer revolt based on misinformation. What goes around comes around, and all that.
Sheesh, evil *and* a jerk. -- Jade
From NTBUGTRAQ:
"Microsoft has two keys, a primary and a spare. The Crypto-Gram article talked about attacks based on the fact that a crypto suite is considered signed if it is signed by EITHER key, and that there is no mechanism for transitioning from the primary key to the backup. It's stupid cryptography, but the sort of thing you'd expect out of Microsoft."
I guess its sorta taken as a standard that someone else has, gee, found yet another weakness in MS. Even if its just an "academic" weakness.
ZOMG I WOULD LOVE TO KNOW ABOUT YOUR FEELINGS ON MACINTOSH VERSUS WINDOWS, VI VERSUS EMACS, AND HOW YOU'RE NOT A DORK
My real point is that no matter the encryption strength in an export program, there will be a backdoor for the U.S. government to walk through.
While only weaker security is allowed by law to be exported, I don't think it's stated anywhere in the U.S. code that the federal government must have its reserved backdoor.
Consider this in military terms: it's like exporting stealth fighter jets that are only 50% as undetectable as the original ones, yet putting a radio switch in them that will enable the U.S. to turn off the engines of the craft at will.
"Just in case our radars didn't pick it up..."
Not only would it be easy for federal agencies to crack into a foreign system running U.S. encryption, it's 100% sure that they will if they try!
As for domestic encryption, it would probably be too inconstitutional of the government to ban strong encryption from the streets. After all, it is regarded as a weapon, and U.S. citizens have the constitutional right to all fashions of exotic weapons...
If they really needed to get into your American 128+ -bit encryption, why bother cracking it, they might just come pay friendly visit, or tap your old analogic phone... (Ok, that's just a little too paranoid, but...)
marco baciarello
It doesn't matter. When one key is equally as effective as annother, for all intents and purposes, it's the same key! It doesn't matter if grabs one key or the other... they are equivalent. Plus, having two keys HALVES the time needed to crack it by brute force.
Its only 2^512 times more difficult if and only if the keys are prime. If the density of prime numbers changes as the number of bits increases then it is quite possable that a 512 bit key may be harder to break than a 1024 bit one.
Microsoft states that in order to reduce costs and expedite deployment of cryptographic modules, they implemented two keys in the event that their primary was lost. This rational is strictly invalidated by their principle means of distributing system updates, the service-pack dependency.
Deployment of a new key is trivial for Microsoft. They have demonstrated the capability to distribute sweeping changes to their operating system through the use of service-packs. Moreover, they have forced the installation of these service-packs through widespread use of software dependencies. One version of Microsoft Developer Studio, for instance, required not only the installation of SP3 under NT, but IE4 as well. A reasonable administrator accepts that software dependencies exist and expects to upgrade libraries to take advantage of new features; however, it would be absurd to argue that Microsoft is only casually aware of the power it exercises in this matter.
At any point in time, Microsoft can replace or update the CryptoAPI by requiring all newly-signed cryptographic modules to first install the appropriate service-pack. This circumstance is so routine for administrators that it could hardly be considered an exceptional solution.
Whether the NSA holds any of Microsoft's private keys may never be known. Why Microsoft implemented two keys is anyone's speculation. One thing is for certain however, Microsoft's statement that deployment costs alone governed that decision does not stand to reason. Microsoft deploys what it wants, when it wants, and achieves widespread adoption.
John Joganic
The J. Arkadia Corporation
I've sent a mail to CmdrTaco, asking for more coverage on the issue. Well, here it is, so I'll post the mail with a couple of thoughts (sorry, it's LONG):
/. author indicated before, an old CNN/IDG story (should be found here) confirms beyond any reasonable doubt that the NSA is involved with, and has authority over, any developing software that contains encryption of sort. The article hints that NSA makes arrogant, threatening use of U.S. encryption export laws in order to force companies to open 'reserved' backdoors in their software and/or to loosen their encryption.
As a
Aside from that single key found in Windows, which might or might not be the actual backdoor for the NSA (IMHO, it all looks a bit too naive to
be serious), it's guaranteed that one or more security holes exist in all apps created for the world market, i.e. 99.8% of all software around, from Sun's to AOL's. This is particularly fearsome to people and companies, like me, who are not American.
No software is 100% secure, I know, and the power and means of government agencies are enough to break into anything they really want to. We all know they're implicitly authorized to do anything, legal or not, to pursue their interests.
Yet, this is not a matter of cracking into a drug dealers computer to trace down their bank accounts, it's not government vs. bad guys.
This is something pre-emptive, addressing good and bad guys alike, all over the world.
Software producers in the U.S. are bound to report to the government about each step they take in to security technology, and they're required to always keep a copy of the keys for Uncle Sam to easily walk in.
It's not all about security, though...
Companies are forced to hire demanding professionals to handle the relations with the NSA (this is also stated in the article), to delay
their products because they haven't 'loosened up' enough, to strip away features from their products, and so forth.
It's all in the article, and it's a lot more frightening (to the security-concerned) and irritating (to simple home users like me) than one *hypothetical* backdoor key in Windows.
For once, it's not a matter of Microsoft kissing up to the government, this is the government pushing down on *all* software producers alike to
grant itself access to every kind of encryption capable, secure software available.
This is quite big, and IMHO it deserves some more attention. Please let me know what you think.
Thanks for taking the time to go through this long rant, hope it was worth it!
marco baciarello
on a happier note here is a song about linux
- Oh linux you are so stable,
ACYou are not a heffer when it comes to data,
Oh linux you are so stable,
Who else would be a slacker in a red hat going by the name little debbie?
Oh linux you are so stable,
I am just not getting free beer but cake too,
Oh linux you are so stable,
I would rather watch my kernel recompile than wrestle sable,
Oh linux you are so stable, sexy, and sweetening,
'If it aint broke, don't fix it' 2.0.32 works fine for me. what the hell is the use of constantly upgrading if your kernel works just fine?
M$'s explanation may very well be true. I certainly wouldn't put it past M$ and the NSA to buildback doors into cryptography software, but it certainly hasn't been proven that the "NSAKEY" is anything of the kind.
If M$ just claims that there's no back door, then the public has no way of evaluating the truth of the claim. There's only one way to settle the question once and for all, and that is by releasing the source code.
Always keep a sapphire in your mind
The important word is >their MS didn't say >We don't give others a way into our software.
Microsoft Security Bulletin
d efault.asp.
- --------------------------------
There is no "Back Door" in Windows
Originally Posted: September 03, 1999
Summary
A report alleges that Microsoft "may have installed a 'back door' for the National Security Agency... making it orders of magnitude easier for the US government to access their computers". This allegation is false.
What's the allegation?
The report alleges that a cryptographic key that ships as part of the CryptoAPI architecture is labeled "NSA key" and constitutes a "back door" that could be used by government agencies to start or stop system security services on user's computers.
Is the allegation true?
No. Microsoft does not leave "back doors" in our products. This is in keeping with our historical stance on this issue. For instance, we have opposed the various key escrow proposals that have been suggested by the government, because we because we don't believe they are in the best interests of consumers or the industry.
Are there two keys?
Yes. However, both are Microsoft keys. We do not share them with any third party, including the National Security Agency or any other government agency.
What's CryptoAPI?
CryptoAPI is a Microsoft technology for providing cryptographic services. Vendors can develop stand-alone cryptographic modules called Cryptographic Service Providers (CSPs), which can then be called by any program via the CryptoAPI interface. For more information on CryptoAPI, see http://www.microsoft.com/security/tech/cryptoapi/
What are the keys in question?
The keys are used to verify the digital signatures on CSPs.
Why do CSPs have to be signed? And why by Microsoft?
CryptoAPI is subject US export laws regarding cryptography. One element of this requires Microsoft to ensure that CryptoAPI will only load CSPs that meet US cryptographic export laws. This is done by digitally signing all CSPs. Before it loads a CSP, CryptoAPI verifies that the CSP has been digitally signed. Part of Microsoft's responsibility as the vendor for CryptoAPI is to sign the CSPs.
When a vendor has a new CSP that they want to release, they submit it for signing and show that all export licensing has been received. Microsoft then digitally signs the CSP, and it can thereafter be used by CryptoAPI.
Why are there two keys?
There is a primary and a backup key.
Why is a backup key needed?
The backup key is needed for disaster recovery. To see why, suppose we had only one signing key. If a natural disaster destroyed the building in which it were kept, all of the previously-signed CSPs would continue to function normally, because the key used for verification exists in every copy of Windows. However, Microsoft would need to sign future CSPs using a new key. In order for these CSPs to be verified, matching key material would need to be provided to all of the millions of customers using Windows 95, 98 and Windows NT. Clearly, this would be a massive undertaking.
This is why there are two keys. If something befell the primary key, Microsoft could thereafter sign CSPs using the backup key. Because the backup is already in every copy of Windows, there would be no disruption to customers.
Why the backup key labeled "NSA key"?
This is simply an unfortunate name. The NSA performs the technical review for all US cryptographic export requests. The keys in question are the ones that allow us to ensure compliance with the NSA's technical review. Therefore, they came to known within Microsoft as "the NSA keys", and this name was included in the symbol information for one of the keys. However, Microsoft holds these keys and does not share them with anyone, including the NSA.
I heard that there is a third key in Windows 2000. Is this true?
There is a third key present in the beta versions of Windows 2000, but it does not provide a "back door". It is simply a test key that allows the developers to sign test CSPs while Windows 2000 is under development. It will not be present in the production version of Windows 2000.
Does this have any effect on CryptoAPI's compliance with US export law?
No. The CryptoAPI architecture is fully compliant with US export law.
Revisions September 03, 1999: Bulletin Created.
-----------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
© 1999 Microsoft Corporation. All rights reserved.
this
The important word is -their-. The NSA gave MS one of NSA's keys to incorporate into Windows. It wasn't an MS key being shared. See, it's easy when you know how to play with words.
MS didn't say -We don't give others a way into our software-.
When you understand these distinctions, you'll be writing performace reviews in no time.
Microsoft says "The CryptoAPI architecture is fully compliant with US export law," but I don't see how that's possible, given what we've learned.
The way Microsoft complies with US export law is that the CryptoAPI won't run any module which isn't signed by Microsoft. This way they can make sure than each vendor's module is "crippled" for export before it can be installed on Windows. If you try to replace Microsoft's key with your own, then CryptoAPI won't run, because it can't validate its own code.
But, perhaps more important than the presence of the "NSA" key itself, Cryptonym showed that it's possible for the user to replace the "NSAKEY" with their own, and still have the rest of CryptoAPI function just fine. This means that the user can install any crypto module they want, without having it signed by Microsoft (aka approved by the government) first.
This would seem to be a major flaw in the mechanism which is supposed to enforce export law. It will be interesting to see if the flaw remains in future versions of Windows, or whether the US government will force them to fix it.
now, how could anyone refuse?
incidentally, this has accidentally been through both a mac and a linux box since leaving ms, and is therefore highly offensive to every single person who reads /. Handle with care.
Microsoft Security BulletinThere is no "Back Door" in Windows
Originally Posted: September 03, 1999
Summary
A report alleges that Microsoft "may have installed a 'back door' for the National Security Agency... making it orders of magnitude easier for the US government to access their computers". This allegation is false.
What's the allegation?
The report alleges that a cryptographic key that ships as part of the CryptoAPI architecture is labeled "NSA key" and constitutes a "back door" that could be used by government agencies to start or stop system security services on user's computers.
Is the allegation true?
No. Microsoft does not leave "back doors" in our products. This is in keeping with our historical stance on this issue. For instance, we have opposed the various key escrow proposals that have been suggested by the government, because we because we don't believe they are in the best interests of consumers or the industry.
Are there two keys?
Yes. However, both are Microsoft keys. We do not share them with any third party, including the National Security Agency or any other government agency.
What's CryptoAPI?
CryptoAPI is a Microsoft technology for providing cryptographic services. Vendors can develop stand-alone cryptographic modules called Cryptographic Service Providers (CSPs), which can then be called by any program via the CryptoAPI interface. For more information on CryptoAPI, see http://www.microsof t.com/security/tech/cryptoapi/default.asp .
What are the keys in question?
The keys are used to verify the digital signatures on CSPs.
Why do CSPs have to be signed? And why by Microsoft?
CryptoAPI is subject US export laws regarding cryptography. One element of this requires Microsoft to ensure that CryptoAPI will only load CSPs that meet US cryptographic export laws. This is done by digitally signing all CSPs. Before it loads a CSP, CryptoAPI verifies that the CSP has been digitally signed. Part of Microsoft's responsibility as the vendor for CryptoAPI is to sign the CSPs.
When a vendor has a new CSP that they want to release, they submit it for signing and show that all export licensing has been received. Microsoft then digitally signs the CSP, and it can thereafter be used by CryptoAPI.
Why are there two keys?
There is a primary and a backup key.
Why is a backup key needed?
The backup key is needed for disaster recovery. To see why, suppose we had only one signing key. If a natural disaster destroyed the building in which it were kept, all of the previously-signed CSPs would continue to function normally, because the key used for verification exists in every copy of Windows. However, Microsoft would need to sign future CSPs using a new key. In order for these CSPs to be verified, matching key material would need to be provided to all of the millions of customers using Windows95, 98 and WindowsNT. Clearly, this would be a massive undertaking.
This is why there are two keys. If something befell the primary key, Microsoft could thereafter sign CSPs using the backup key. Because the backup is already in every copy of Windows, there would be no disruption to customers.
Why the backup key labeled "NSA key"?
This is simply an unfortunate name. The NSA performs the technical review for all US cryptographic export requests. The keys in question are the ones that allow us to ensure compliance with the NSA's technical review. Therefore, they came to known within Microsoft as "the NSA keys", and this name was included in the symbol information for one of the keys. However, Microsoft holds these keys and does not share them with anyone, including the NSA.
I heard that there is a third key in Windows2000. Is this true?
There is a third key present in the beta versions of Windows2000, but it does not provide a "back door". It is simply a test key that allows the developers to sign test CSPs while Windows2000 is under development. It will not be present in the production version of Windows2000.
Does this have any effect on CryptoAPI's compliance with US export law?
No. The CryptoAPI architecture is fully compliant with US export law.
I don't really buy their answer, things get a little shakey here:
The NSA performs the technical review for all US cryptographic export requests. The keys in question are the ones that allow us to ensure compliance with the NSA's technical review.
This paragraph seems very strange in the context of all the others. They go to great lengths to explain to Joe User what it all means in all the other paragraphs with examples, but this paragraph is rather vague.
I think this is the key, (no pun intended!) they are saying that key has to be there to keep them in line with the NSA, but they don't explain what that means specifically.
The could have said that the NSA policy is that their system has to have a backup key, but they didn't say that. They said "compliance" and "technical review" two phrases I'd not like to see in the same paragraph as NSA!
Seem to me like they are brushing over this so they can cover themselves if some future truth comes out.
It seems to be Microsoft's policy to blatently lie about security issues "until a fix is ready for the public interest" - If the NSA do have a spare key for the CryptAPI then there cannot be a fix and so they'll cover the whole thing up. That would be in line with their policy!!
If this turns out to be the case, Microsoft will just cry that the NSA made them do it and even they can't screw with the NSA!!
The other critical point is the one made about the insertion of a new CryptoAPI key of the user's design. They don't even mention this though they happily quote from the article. Looks to me like thats pretty important too.
I hope other news sites will continue to pose this question to Microsoft and see if they can squirm out of this one!
Since 512bit RSA was cracked recently with not too much effort, I am pretty sure the NSA can break any public key crytography in real time. Check out their webpage and see the kinds of people they want (eg maths wizards)
I think that at the moment they love encryption, very few people using it and so they just break their keys and they can pick out the criminals without too much problem.
Once encrytion becomes mainstream (embedded in OS's etc) then this is going to be a major headache for them as they are going to have to crack everything. They know that once encryption is widespread people will start to ramp up the key lengths as CPU power increases. This is their fear and why they don't want crypto outside the US.
Wondering why they let it happen in the US? Because they have a million other ways to spy on you!
Believe big brother is *really* out there.
Who knows what under-the-table plea bargains have been/might be/will be reached and with which bunch of government spooks.
And if Microsoft gets a light slap on the wrist in the current trial, I guess everyone will understand what's going on (wink, wink, nudge, nudge).
This could be strictly true. However, US crypto software has to be reviewed by the NSA before an export licence is granted. This, to me, means the NSA will still have access to the key.
The fun thing is that no matter what the truth is, in the eyes of most they will never be able to climb out of that hole. Especially after the Hotmail fiasco. Such timing. : ))
-Bobzibub
I *love* this one:
:)
"Microsoft does not leave 'back doors' in our products"
In addition to grammar issues, this statement is laughable given MS's track record on Office-Windows-Outlook security "issues"
Do they really expect ppl to buy this line?
Try reading what I actually said. If you have *two* private keys, that's EXACTLY as vulnerable as having two copies of one private key, because compromising either one of those locations gives you the keys to the fortress. Actually, it's more vulnerable because a brute force crack will find one or the other in half the time.
The next Cmdr Taco duplicate will be ready soon, but subscribers can beat the rush and see it early!
Come on...
Microsoft says it doesn't have a back door into Windows. But then it says it is the only entity that has posession of both keys... which allow them to install encryption software? (Back door.)
Which brings up another topic. How do we know they've treated those keys like a holy relic and prevented Joe Hacker Employee from snagging their key? And if the Windows key is cracked, what happens?
Now this line about two keys for Microsoft's DISASTER RECOVERY? Come on. Having two different keys that are valid is just the same as having two copies of a single key that is valid. They're LYING if they say it is for disaster recovery, or they're just plain STUPID about how their key works.
And we're also to think that each key is only kept at one site? And maybe even only one copy, and isn't covered by a data repository that could be backed up and restored at a different location? And they have to pull a piece of paper out of a vault every time they need to sign something?
Nice try at spin control, but Microsoft PR needs an upgrade. This version is buggy.
THe thing is that the NSA has far more power than the anti-trust division of the DOJ. DO you actually think the NSA would negotiate with anybody? One, because of their power, they simply don't have to, and two, they would never want to set a precedent that says that ehey had to meet anyone half way.
maybe this sounds a little conspiratorial (that's ok), but, just because microsoft isn't telling (what we precieve to be) the truth does not mean that they are lying either. we all know how microsoft loves to twist things, leave certain pertinate information out and tell things from 'a certain perspective' (a la obi wan kenobi), but, if they are doing things like building backdoors for the nsa, do we really believe that the nsa would let them tell everyone that? of course not. as much as it pains me to say it, we all know that windows (in some flavor or another) is by far the most widely used operating system for personal computers in the world. what does that mean? well, you're average terrorist or drug dealer or whatever is probably not running a linux/bsd/un*x box and probably not running os/2 either. we know that they don't use ms-bob (for those who don't know the security reasons behind this i'll explain below). so, what does that leave behind? i'm 99% sure as are most of you that these upstanding, law-abiding drug-lords/terrorists/etc. are using windows. now, instead of having our computer spys spend hundreds of hours cracking a system, why not have a backdoor? would the nsa want this to get out? of course not. microsoft is then payed off/bullied/given lieniency in court/whatever to keep this secret and deny it. don't other companies and indeed intelligence agencies the world over deny that they are doing something only to admit and declassify 20years later? ex. area51/stealth bomber/rosenberg trial.
i'm not out to take microsoft's side in this (not by any streach of the imagination) by making them look like the good guys, but, the fact that they have the so-called 'keys' is (to me) evidence inofitself that ms is working with the nsa. why else would they have them? i don't believe that linus torvalds or patrick volkerding have keys to my slack systems. i simply believe that they aren't telling us because they can't.
a few words on the security of ms-bob:
for those of you who aren't aware, microsoft bob was the by far the most non-optimal solution for a 'friendly operating system' that the world has ever seen. it was released approximately 7 years ago. it's whole interface cause scores of curious (as to what crap was being pushed) hacker to madness and reduced strong men to tears (of laughter). it was sold under the adline of 'everyone needs a nice computer'. anyhow, bob had 'password' capability. however, if the wrong password was entered three times, instead of locking the system, bob assumed that the user had forgotten their password and asked if they would like to erase the current one or set a new one. ah, the benefits of a secure ms-system! its kind of scary to think this came from the sick corporation that has the vision of 'windows ce' one day controlling the breaks in our cars.
No one should be surprised about this backdoor left open to the NSA. Has everyone forgotten that the NSA snoops all things transmitted in the entire world?
/dev/null cause
Or has everyone actually forgotten the other agencies in cahoots with the NSA to provide unsecure data transmissions in every shape form or fashion worldwide?
Everyone can cry foul all they want but the sad reality is there is nothing anyone can do no matter how
hippiesh you think your going to get about the matter.
Hippiesh == reversion back into the 60's type radical fighting for a
The NSA should not be taken lightly in the Linux community to those who aren't familiar to programming and coding, since anyone can backdoor scripts and bineries to have information mirrored to another destination.
Its a sad crying shame but its part of the worldy balance of good and evil no matter how cheezy it may sound.
What if there were no NSA, or FBI? How chaotic would things be, no matter how you think of it. Things
would be in a sad state worldwide. I in no way agree with the methods, and I highly doubt someone at the NSA would randomly pick someone to "monitor."
So unless you're doing something highly illegal why even bother pissing a bitch and flying off the rocker? While it is unethical it's the NSA... They're bound to snoop things one way or the other so the best way to handle the situation is to go on with life...
Want Root?
Ok, people, get this through your heads.
.zip files, to guarentee it was from the author of a program? (ala PK Ware).
This is NOT A BACKDOOR.
It's a way of signing/verifying documents.
Don't you people remember having signatures on older
Does that mean pkzip 4.08g is a backdoor? no.
Has Microsoft ever heard of a thing called a "warrant?" There's simply no reason why any legal enforcement agency couldn't get access to M$'s key anytime they came up with probable cause and a good enough reason.
From the news article posted above:
Need I say more?
http://www.geocitie s.com/ResearchTriangle/Forum/2553/backdoor.htm or http://slashdot.org/comme nts.pl?sid=99/09/05/1030228&cid=55
Jeez, get a life. Get at least 2.0.38 please.
No, I got the same page, yet the IIS scripts claim I have 2.0.32, not one of the 2.2 kernels. Why they don't just write a page and post it with a simple link is befond me. They must have a network of scripts to spin every document that comes out of that place.
Its like they are trying to automate thier PR department by scripting. I'm waiting for someone to come up with a Microsoft PR generator page so anyone can create hype with a spin on the fly.
damn it, i knew we should have stuck to typewriters, no way the NSA could track me for using one of those...
"...disaster destroyed the building in which it were kept, all of the previously-signed CSPs would
continue to function normally, because the key used for verification exists in every copy of Windows..."
could be arranged....
-- - ted
char *stupidsig = "this is my dumb sig";
> The keys in question are the ones that allow
> us to ensure compliance with the NSA's technical
> review. Therefore, they came to [be] known
> within Microsoft as "the NSA keys", and this
> this name was included in the symbol information
> for one of the keys.
What this is saying is that because the NSA was involved in the review of their cryptography software, when they decided to make a second key for themselves, they would call it "NSAKEY"?
Even stranger, according to Microsoft, their second key has nothing to do with the NSA's technical review. It was added so that would have a backup of their key for disaster recovery.
But even THAT doesn't make sense, since if you are going to create a second key and store it at a second location, that makes less sense than simply storing a copy of the primary key at another location.
And what does Microsoft have to say about the security within their company of either key? Is it always kept under lock and guard? Is it embedded into an approval program? Nobody has ever had a chance to copy it? At both locations?
Even then, does anyone here believe that the NSA has been totally unable to crack it?
i wonder who wrote this security advisory. maybe they shouldn't depend completely on microsoft word or whatever they use and try proof reading. "because we because we don't believe they are in the best interests of consumers or the industry. "
and I assume it is grossly unfair to make the assumption that MS has a private agenda to protect?
Ex Libris Veritas
Then it doesn't matter whether Microsoft gave it to the NSA, since they probably already have it.
Microsoft providing a clear, well-thought answer with no marketroidian bias? Seems that we are having success in making Microsoft do things better.
Maybe in a few years, Microsoft will cease being the Evil Company we all learned to hate and will become a friendlier one.
And without silly marketroids screwing everything.
I'd call this a priority one red alert in building three. Do you think they'd let the usual team handle this one? The speech is different because the speaker is different.
Don't you have the Unix programmer's bad sense of humor? NSAKey is a _joke_, let's not be that paranoid!
Besides, we don't use Windows, do we? We should be more concerned with Unix security then.
First they say "nsakey is just a note to ourselves that the nsa has inspected and approved this version..."
Well this is fine except for the fact that it is a key... people do not make notes on keys. Keys have one and only one purpose, to open locks...
Now they say it is a backup key.
So caught in their first lie, they make up another...
Lets look at this one.
A backup key, different from the first because the original key may be lost in a "natural disaster".
They cant keep the same key in two locations?
2 keys in the same location are more secure than 1 key at two locations? Doesnt the existance of 2 keys reduce the effectiveness of crypto by a factor of 2? So even if they have not releaased the key... It is now MUCH more succeptable to attack.
The only way to accomplish this "backup" is to have a second key that allows replacement of my crypto? without my knowledge?
yeah. right.
Export controls are not affected? How so. I can replace the crypto module, in violation of the laws of MANY countries.
Why has only the "backup" key has its name stripped for all these years?
They are called NSAKEYS becaause of the internal MS refeerence to them? Then why arent they called NSAKEY and NSABAK?
This is very similar to the magic database they were building "without transmitting data to Microsoft Corp". Must be nice to run an o/s thats smart enough to build and manage a database on its own.
They lied about it until they couldnt any longer, then simply stated it was an "oversight".
Once again, we have to determine their truthfulness by checking to see if their lips are moving.
Ex Libris Veritas
I found that funny (well, not at the time) as well. It's sort of a chicken-and-egg situation. I wanted to download the newest SP after I installed it (or at least SP4) but found I couldn't even view any pages on Microsoft's site. I had to go and download Netscape then go to Microsoft's site and download the SP and IE4. Thank god I don't need to use Mickeysoft OS's for anything other than games anymore. :-(
its allows loading dummy trojan software whcih could transmit your PGP private key back to the NSA too. Loading unautohorised software means that anyone can set up a digital channel (think remote version of command.com) and do *anything* they want to on your system without your knowledge.
I use Windows but I don't see how this could be a problem. I'm not very technical but from what I understand this only does one thing. It 'allows' the OS to load encryption software. Now even if the NSA could 'allow' certain encryption into Windows, how does this let them 'get in' my system? Why couldn't I just trust PGP?
NSAKeys or not, they are backdoor keys and THAT IS THE TRUE ISSUE HERE!!!.....no backdoors should ever be implemented in a project which is used worldwide...your reputation is at stake if you ever have your system compromised...WAKE UP!!
Jeez, get a life. Get at least 2.0.38 please.
Honestly, why does it matter if there are 1 or 2 keys? OK, so MS created another key and gave it to the NSA, then lied about it. How is this situation different than if they created only one key and simply shared it with NSA? And, of course, lied about it?
We don't have the source, so the question boils down to whether we can trust the provider, not how many keys they might make.
What else can I say? Another sign is stupid excuses. Why couldn't they store one key in two places in case of a "wind storm."
While their explanation shows signs of lying, I can't understand for the life of me why, if the NSA wanted a "back door" into Windows, they wouldn't just demand a copy of the Microsoft secret key.
unfortunately everytime they cried wolf a wolf did appear but everyone ignored it anyway.
Even if this were a real issue no one would believe it. People (mostly the Linux community) have cried wolf way to many times. At this point everyone just assumes you are lying in order to promote your agenda.
I believe that this just gives the NSA (or MS, for that matter) a way to insert a compromised module, given that they can access the machine already. They have to break into the machine (Back Oriface, physical access) to insert that compromised module. Given that they made the first step, they could just as well inserted an entirely new DLL or a background program to record keystrokes or whatever. It is as if they convienently wrapped up the family silverware in a nice carry bag, but we think the door is still locked and the alarm is one. Of course, being a closed-source system, it's hard to be sure of that either.
1) Why not keeping the same key on 2 different locations, instead of having 2 keys on 2 different locations? M$ explanations stinks...
2) Ok, even if you REALLY WANT to have 2 keys instead of one - why you don't say that to your customers? You liars...
3) Since M$ didn't DENY that it is possible to compromise whole crypto subsystem by replacing the 2nd key - I understand that it IS possible to compromise the security of Win* machine(s). Won't M$ try to give us more information? Something sweet, what they usually try to sell us...
4) I'm really tired of that 'NSA conspiracy' - but in the way that people say "NSA can get it anyway...". Hey, NSA *does have* some good people, but there are good people all over this planet. They are just HUMANS, as we all are (well, they might be bit more brainwashed, but the core is still the same). They are not Supermans, they will grab anything they can - so I wouldn't be surprised if they had a small role in all this. If you are the best hacker on this planet, would you ever consider using brute-force in order to get into the system? Bet you would... The same way, NSA would use anything they can. Why have 1 thing, when you can have 2 (or more)?
5) What is next?
Thank you Microsoft! 1 year ago, I had a VERY HARD TIME trying to convince my boss that we should dump all Windows machines out of the company. Today, the boss wants to dump Windows by himself - my help is not needed anymore. I got what I wanted.
Looking at the big picture, we all get more & more paranoid every day, just because of idiots in various '3 letters agencies' that think they are 'above us'. Well, as long as they bleed, sleep and go to the toilet - they are just as ordinary as all the others.
Must be that they've been REALLY heavily brainwashed...
Did someone forget to bring that up at the staff meeting? :-) "Hey.. I've got an idea. What if we were to make a copy of the key and store that copy in a very very safe place on the other side of the world?? Then if Microsoft HQ is destroyed by an A-Bomb terrorist attack we could retrieve the key from there!"
Microsoft does not `share' keys with government agencies. Perhaps it `escrows' them with government agencies, though. Perhaps it's even a requirement of them getting NSA approval for the crypto system. Who could argue that escrowing a key with NSA wasn't secure offsite storage?
The nice man at the NSA said he wouldn't read it.
"There are four boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order." Ed Howdershelt
Not to defend MS here; but being "devils advocate":
What I am seeing between the lines here is that what if the REAL reason is that they want a second key so that if the FIRST key is compromised in any way (natural disaster or otherwise), they can use the second key to "revoke" the validity of the first key, and use the second key to install either a new key uncompromised key.. (without distruption to the millions of windows users). In this scenario the second key MUST be different from the first key, and stored elsewhere securly, and ONLY used in the case of the first key being compromised/destroyed...
recent versions of PGP and other cryptographic software also have that ability...
[one wonders if they already did that {replaced the first key}... through several of the MS "required" updates, without the user knowing]
https://www.mav.net/teddyr/syousif/
--
Time is on my side
is ringing like crazy today. Damn they're
shoveling it pretty deep today. The NSA
reviews their system but doesn't have a copy
of the key they review? Pardon me if I've
misunderstood, but how wouldn't they have the
key, exactly? The NSA is known (or at least
well rumoured
suppliers put backdoors in the system for them.
MS Admits to having the NSA check over their code
suuuuuuure there isn't a backdoor for them...
And my ass isn't hairy....
-- Lally "Hairy Ass" Singh
--
Insanity Takes Its Toll. Please Have Exact Change
Care about electronic freedom? Consider donating to the EFF!
This would prove nothing. THe NSA as well as MS has an interest in this going away, so the NSA will just sign something for them. Don't set up spurious tests.
Microsoft Says Speculation About Security and NSA Is "Inaccurate and Unfounded" http://www.microsoft.com/presspass/press/1999/sept 99/rsapr.htm
I'm a bit disappointed to be honest. MS respond to the hotmail attack by saying it wasnt a major problem and y'all (probably rightly) have a go at MS for giving evasive PR crap.
/. is awash with "LIES FROM MS" posts.
/. people who see the word MS and hit the flame key without taking the time to consider the case on its own merits.
Now they give a fairly detailed explanation that - to me (although I admit to not knowing crypto stuff) - seems to make some sense and be quite believable.
Instantly
OK, some of the posts I read gave decent, thought out critiques to suggest the statement was fishy. But a whole lot more of them smack of the sadly very-common attitude of some
Wouldn't the first key be more than enough of a hole? Scenario. Be VERY generous, and give M$ the benefit of the doubt (regular programming will resume in a moment ...) that the text of their response is true. This means that M$ has control of what crypto algorithms you can install into Windoze using their API, theoretically those which "comply with the export laws." Doesn't that possibly mean they will only approve those which have a backdoor? Of course, you could (as I would probably do anyway, if I ever had the desire to program a Windoze machine) skip the API entirely.
-drstatgeek (close enough, at least
why should anyone be worried about *back* doors when the *front* door is wide open? i can't see why a compromise in the security of the backend would be such a big deal when the security of the front end is for all purposes nonexistent.
maybe that's just me though
DO NOT LEAVE IT IS NOT REAL
*IF* Microsoft has half a clue, they're using a *hardware* encryption key to sign their most critical information. These are devices that require physical keys to operate, and they are designed so that they won't reveal their private keys. (Some allow "cloning" another hardware device, others do not.) In practice, these are items that are kept in your deepest vault and used to sign the software keys that you use for routine signing.
Assuming MS uses one of the latter, having a "hot spare" might make sense...
... except, as the BUGTRAQ article notes, Microsoft's explanation still makes absolutely no sense. There's no apparent key hierarchy (isn't the crypto key signed by a master MS key?), there's no apparent rollover mechanism, and there's the insane assumption that there can only be one major physical disaster befall Microsoft. That's crazy; during the World Trade Center bombing at least one company had lost both primary and backup sites!
Ironically, I find this makes MS's story seem *more* likely. The corporate culture is notorious for its "performance is not my problem; computers will be faster next month" mentality, and this ill-informed, brute force way of dealing with the subtle issues of key management matchs that culture!
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
1. They claim the key is for backup. They would keep multiple key copies. They have buildings worldwide. They do not need two keys, especially when the dual key setup compromises the architecture
When you care about security, you have a policy of *NEVER* duplicating a key, no matter what the reason. Allowing duplication gives holes for the key to escape and be compromised.
Think about a building security system. Are you going to give your employees the master code? What if a disgruntled employee decides to change all the codes and not let anyone else in? That's what the master key is all about. Why do you need root if you can give a user root priveledges?
The second key is probably the Master key. The key that is used by everyone else is likely a lower security key with fewer capabilities (such as replacing the keys themselves).
2. The second key is there as part of their export compliance. Im sure this is true.
How is this a flaw then if you're agreeing with it?But I'd ask the more general question: why does this surprise anyone? NT is not an open source product. It would be easy for any developer on the project to slip in a backdoor. Based on experience with other large software systems, I'd expect there to be dozens of backdoors in NT system and applications software. I wouldn't trust NT security further than I can throw a year's worth of MSDN CD's and documentation.