----- Original Message ----- 
From: "Peter Gutmann" <[EMAIL PROTECTED]>
> [...]
> If you think that's scary, look at Microsoft's CryptoAPI for Windows XP
> 140 certification.  As with physical security certifications like BS 7799,
> start by defining your security perimeter, defining everything inside it
to be
> SECURE, and ignoring everything outside it.  Microsoft defined their
> as "the case of the PC".  Everything inside the PC is defined to be
> Everything outside is ignored.

I believe that is typical of most software crypto modules that are FIPS 140
certified, isn't it?
It classifies the module as multi-chip standalone.

This is why you get requirements of the type that it should run on Windows
single-user mode, which I take to mean have only an admin account.  This
privilege escalation attacks (regular user to root) that are easily done.

I think this is reasonable, since you really are relying on the OS and the
PC for the
security of the module.

More scary to me is stuff like
"DSSENH does not provide persistent storage of keys.  While it is possible
store keys in the file system, this functionality is outside the scope of
this validation."

This is where Microsoft's CSPs do the dirty work, and use what is called
the Data Protection API (DPAPI) to somehow safeguard keys somewhere
in your system.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to