At 02:25 PM 05/19/2000 -0400, Arnold G. Reinhold wrote:

> ..... But a cooperative relationship between Microsoft and NSA 
>(or any vendor and their local signals security agency) can be more 
>subtle. What if Microsoft agreed not to fix that bug?  What if 
>Microsoft gives NSA early access to source to look for bugs? The NSA 
>may not need much more than an agreement that certain portions of, 
>say, the RNG object code will never change (or only change 
>infrequently, with lots of notice). That might be enough to insure 
>that NSA's viruses and Trojan horses can always find the right spot to 
>insert a patch that weakens random number generation.

This is one of the more believable scenarios I've heard for back-doors
supported by organizations outside of Microsoft. I remain skeptical that
NSA, Microsoft, or anyone else can build a truly foolproof back-door (i.e.
one that doesn't spring open by mistake when Matthew Broderick happens to
call). I doubt NSA would want to entrust national security to the
problematic behavior of a software flaw as opposed to a thoroughly designed
and analyzed back door mechanism. But I like the idea of diddling with the
RNG. People are unlikely to look for such an attack, but it gets them what
they want, especially when they use best crypto practices and change keys
often.

>It may be time to question whether we should ever expect that mass 
>market operating systems from commercial vendors will protect users 
>against a targeted attack from a high resource operation such as the 
>major signals intelligence agencies.   .....

I think there's a much more profound risk of such a back-door being
installed by a hostile overseas organization or by organized crime. If the
NSA approaches Microsoft to acquire their support of NSA's surveillance
mission, then the information will have to be shared with a bunch of people
inside Microsoft, and they're not all going to keep it secret.

On the other hand, any well-heeled organization could approach a single
disgruntled employee with a hefty bribe (say, a recent employee with newer,
less valuable stock options). If the employee is involved in bugfixing, the
organization could probably purchase a back-door. The employee will have a
strong motivation to not tell anyone about it since it would get him fired,
it might be in violation of various laws, and the folks who paid him might
come after him if word gets out. Those same motivations for silence aren't
as much at work if someone is told to do something on NSA's behalf as part
of their regular work duties. 

I suppose if the mafia or the KGB-du-jour can do this, then so can the NSA,
if there's a bureaucrat there who's enough of a risk taker and has enough
motivation. I remain skeptical that there's anyone there with enough budget
and guts to take that approach to data collection, regardless of the
perceived benefits. Too much risk to the career if word gets out.

Rick.
[EMAIL PROTECTED]

