Andrew Fernandes tonight published the results of his reverse engineering of
Microsoft's Crypto API (CAPI). [This builds on work done by Nicko van
Someren from nCipher].
Background: MSFT CAPI comes pre-installed with two keys used to check the
validity of a Cryptographic Service Provider (CSP). The holder of either key
can install operating system security services without user authorization.
The first key is used by MSFT to sign their own security services modules.
The identity of the second key holder until now been unknown. That is to say
until MSFT forgot to strip the binary of NT4 SP5 off debugging symbols.
Perhaps not surprisingly, the debugging symbol for the second key is...
_NSAKEY,
For more information and a program to remove the NSA's key from your copy of
Windows 95, 98, NT, 2000, see
http://www.cryptonym.com/hottopics/msft-nsa.html
Note that Windows 2000 includes not just two keys, but three keys that can
sign modules that will control security services on your copy of Windows.
Word has it that the third key belongs to the FBI. So far, there has been no
independent confirmation of this rumor.
--Lucky Green <[EMAIL PROTECTED]>
