ANNOUNCE: Open Source implementation of MS CSP

2000-07-28 Thread Sergio Tabanelli
I don't know if this can interest someone on this list, but in the attached announcement, together with an open source implementation of MS CSP, you can find a tool that can be used to substitute the _NSAKEY in the advapi32.dll. ciao Sergio Tabanelli Project Manager Consultant Fabbrica Servizi

Re: NSA back doors in encryption products

2000-05-30 Thread Sergio Tabanelli
I have checked again and I have found that I was completely wrong: the NSAKEY is still used and the verification process does not change in W2K. I am really sorry and I apologize for my big mistake. Sergio Tabanelli -Original Message- From: Victor Duchovni [EMAIL PROTECTED] To: Sergio

Re: NSA back doors in encryption products

2000-05-29 Thread Sergio Tabanelli
Maybe this is not so important, but I have to repeat that in W2K OS the NSAKEY is still present but not used. All CSPs are verified only with the primary key and if the verification process fails the CSP module is discarded without any further verification. Sergio Tabanelli -Original

Re: Automatic passphrase generation

2000-05-10 Thread Sergio Tabanelli
. If you start with only the universe of easy words, the maximum entropy of your passphrase is limited. Pull, stretch, squish and mangle it any way you like -- you cannot increase the entropy of something by a deterministic algorithm. You can at best obscure it well --Perry] Sergio Tabanelli

Re: MS on NSA_KEY in Windows

2000-05-03 Thread Sergio Tabanelli
Sergio Tabanelli wrote: [About OffloadModExpo] [...] 4. In any case in my opinion it is completely unacceptable that a system administrator can access users' private keys without the user's knowledge and assent. I don't see a way to prevent an admin from gaining access to a user's keys

Re: MS on NSA_KEY in Windows

2000-05-02 Thread Sergio Tabanelli
it public. Sergio Tabanelli P.S. I've checked again for this functionality in NT4 sp3-4-5-6 low and high encryption packs, and I didn't find it. I think that this is a really strange thing; if I am not wrong, this means that the security patch is for a non functionality. I've also to confirm