"Larry Q." wrote:
>
[snip]
> Your link is to an article from the 1990's which has been categorically
> debunked several times already. Here's one from cryptologist Bruce
> Schneider that basically makes this dofus look almost as stupid as you. He
> shot down this theory a few months after it was first released.
>
> http://www.schneier.com/crypto-gram-9909.html
But Schneier has missed a couple of important points. He states that the
NSA could simply use Microsoft's key to sign compromised modules. But
that leaves Microsoft in possession of the signing keys (the private
key). 'Microsoft' includes many foreign subcontractors, any of which
could reverse engineer the NSA module to disable any back doors and
re-sign it. With its own signing key, the NSA could prevent this from
happening.
As Schneier points out, the Windows platform is easy to compromise
without hacking its encryption modules, so its unlikely that the NSA
would use its key for its own internal security.
Its possible that there the 'NSAKEY' means nothing, or that this was an
Easter Egg placed in the code base by some Windows developer with a
sense of humor. But circumstantial evidence points to some sort of
intelligence involvement since Microsoft's compliance with its DoJ
settlement is administrated by the presiding judge of the Foreign
Intelligence Surveillance Court.
--
Paul Hovnanian mailto:Paul@xxxxxxxxxxxxx
------------------------------------------------------------------
"Yee-Ha!" is not an adequate foreign policy.
|
|
