In message <[EMAIL PROTECTED]>, Peter Gutmann writes:

> Revealing the fact that CryptEncrypt() maps to a function in the 
> crypto hardware called ENCRYPT probably isn't a major threat to national 
> security.  Existing PKCS #11 drivers also reveal details of classified crypto
> algorithms like Juniper and Baton without this being a major problem.  I don't
> think this is a valid claim.

As much as the NSA would like to use only hardware for encryption, they -- or 
rather, their customers -- can't afford it.  SKIPJACK wasn't published for the 
sheer joy of it; it was declassified because NSA wanted it deployed on 
insecure platforms, in software.

Sure, they want to use hardware.  But the armed forces -- the folks who use 
all this fancy crypto -- are under tight budget constraints, and don't want to 
add hundreds of dollars worth of extra gear to $600 PCs.

> ActiveX means every Windows machine is vulnerable (see Richard Smith's talk
> at Usenix, reported in Wired, for details).  What you do is use one of the
> zillions of ActiveX holes to install the trapdoored crypto, and the NSA 
> signing key to make sure it loads.  If you're not the NSA (or whoever it is
> who really have the corresponding private key), you use ActiveX to install 
> the trapdoored crypto *and* replace the NSA key with your own, and that'll 
> also make sure it loads.  This is at least as big a threat for US users as 
> for non-US ones (imagine a site like www.hotbabes.iq or www.freewidgets.sy
> which quietly sidegrades the crypto of everyone connecting from a .mil 
> address to get an idea of the implications).

The ability to abuse ActiveX creates far bigger holes than this.  Tell me -- 
if you'd just heard of Smith's talk and no one had found the NSA key, wouldn't 
the threat from www.hotbabes.iq still be serious?  I think so.  But the NSA 
key -- if it had been protected by Microsoft, as its own public key seems to 
be -- provides some insurance against the crypto module being replaced this 
way.  That's also why the MS-signed module wouldn't be just a shim -- NSA 
really does want some assurance.  (Of course, their customers want to use 
Windows, which makes a mockery of that assurance...)

I heard the talk at CRYPTO; my immediate reaction was the same as Schneier's 
and Kuhn's -- this is simply NSA's way of adding their own crypto, without 
having to ask Microsoft's permission.  Having the key added was probably part 
of the quid pro quo for granting export permission to the entire scheme.

                --Steve Bellovin
