------- Forwarded message follows -------
Send reply to: [EMAIL PROTECTED]
From: "William H. Geiger III" <[EMAIL PROTECTED]>
Date sent: Fri, 03 Sep 1999 11:04:16 -0500
To: [EMAIL PROTECTED]
Subject: [PGP]: Re: NSA key in MSFT Crypto API
[ Double-click this line for list subscription options ]
Well I have written a considerable amount on the untrustworthiness of
Microsoft, mostly this was based on their incompetence when it came to
data security. Now we have evidence that they are in bed with the NSA
and likely the FBI also.
It's very simple folks, if you don't have the source code you can't
trust the software. It is unfortunate that NAI has chosen to make use
of crypto modules in their products that have not been peer reviewed
(CAPI & BSAFE) and in the case of CAPI, one that seems to be
compromised.
----------------------------------------------------------------------
--- The following message is forwarded to you by "William H. Geiger
III" <[EMAIL PROTECTED]> (listed as the From user of this message).
The original sender (see the header, below) was "Lucky Green"
<[EMAIL PROTECTED]> and has been set as the "Reply-To" field of
this message.
----------------------------------------------------------------------
--- >From: "Lucky Green" <[EMAIL PROTECTED]> >Date: Fri, 3 Sep
1999 00:21:01 -0700 >Message-ID:
<[EMAIL PROTECTED] o> >MIME-Version:
1.0 >Content-Type: text/plain; > charset="Windows-1252"
>Content-Transfer-Encoding: 7bit >Subject: NSA key in MSFT Crypto API
Andrew Fernandes tonight published the results of his reverse
engineering of Microsoft's Crypto API (CAPI). [This builds on work
done by Nicko van Someren from nCipher].
Background: MSFT CAPI comes pre-installed with two keys used to check
the validity of a Cryptographic Service Provider (CSP). The holder of
either key can install operating system security services without user
authorization. The first key is used by MSFT to sign their own
security services modules. The identity of the second key holder until
now been unknown. That is to say until MSFT forgot to strip the binary
of NT4 SP5 off debugging symbols.
Perhaps not surprisingly, the debugging symbol for the second key
is... _NSAKEY,
For more information and a program to remove the NSA's key from your
copy of Windows 95, 98, NT, 2000, see
http://www.cryptonym.com/hottopics/msft-nsa.html
Note that Windows 2000 includes not just two keys, but three keys that
can sign modules that will control security services on your copy of
Windows.
Word has it that the third key belongs to the FBI. So far, there has
been no independent confirmation of this rumor.
--Lucky Green <[EMAIL PROTECTED]>
-----------------------------------------------------
-- End of forwarded message
-----------------------------------------------------
--
---------------------------------------------------------------
William H. Geiger III http://www.openpgp.net
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii
Hi Jeff!! :)
---------------------------------------------------------------
----------------------------------------------------------------------
--- To retrieve this thread, e-mail:
[EMAIL PROTECTED] To unsubscribe, e- mail:
[EMAIL PROTECTED] For additional commands,
e-mail: [EMAIL PROTECTED] DO NOT send administrative
requests/command to the list! Thanks.
------- End of forwarded message -------
Bill and Hillary - at least their friends have convictions! DECLARATION & DISCLAIMER ========== CTRL is a discussion and informational exchange list. Proselyzting propagandic screeds are not allowed. Substance—not soapboxing! These are sordid matters and 'conspiracy theory', with its many half-truths, misdirections and outright frauds is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRL gives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credeence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://home.ease.lsoft.com/archives/CTRL.html http:[EMAIL PROTECTED]/ ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om
