[OT] more from Cryptome on NSA, Windows firewals, mail services

Paul Syverson syverson at itd.nrl.navy.mil
Thu Jan 3 04:24:24 UTC 2008


At the risk of jumping into a conversation I barely skimmed, it sounds
like you're talking about something Nicko van Someren described at the
rump session at CRYPTO 98 and expanded on in "Playing 'Hide and Seek'
with Stored Keys", a paper with Adi Shamir at FC 99. My remembered
impression of the presentations was that it was pretty interesting
stuff that was well researched and analyzed.  Apologies if those
references have already been mentioned (or are not actually what
you are talking about).

Hope that helps,
Paul

On Wed, Jan 02, 2008 at 08:58:24PM -0600, Eugene Y. Vasserman wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> Thus spake Ringo Kamens, on 1/2/2008 8:51 PM:
> > A new vista service pack just "upgraded" to that "backdoored" random
> > number algorithm. Suit yourself in believing Microsoft.
> 
> I'm not defending Microsoft, I'm just trying to see things from both
> sides. They're not NECESSARILY adding a back door. The algorithm is
> included in a standards document - Microsoft added it because some
> customers will ask for it. SP1 also adds AES-GMAC.
> 
> Eugene
> 
> > Comade Ringo Kamens
> > 
> > On Jan 2, 2008 9:42 PM, Eugene Y. Vasserman < eyv at cs.umn.edu
> > <mailto:eyv at cs.umn.edu>> wrote:
> > 
> > Thus spake Ringo Kamens, on 1/2/2008 4:17 PM:
> >> Also, see http://www.schneier.com/essay-198.html
> >> And yeah, I was talking about the NSA key.
> > 
> > Personally (and god help me), I believe Microsoft when they say the key
> > is not a key back door key. If it was, I wonder if they would name it
> > "NSA". Or is that what they want us to think? :)
> > The Schneier essay about the random number generator is more
> > interesting, and worth reading.
> > 
> > Eugene
> > 
> >> Comrade Ringo Kamens
> > 
> >> On Jan 2, 2008 4:24 PM, Nick Mathewson < nickm at freehaven.net
> > <mailto:nickm at freehaven.net>
> >> <mailto:nickm at freehaven.net <mailto:nickm at freehaven.net>>> wrote:
> > 
> >>     On Wed, Jan 02, 2008 at 02:47:11PM -0600, Eugene Y. Vasserman
> > wrote:
> >>     > Thus spake Ringo Kamens on Sun, 23 Dec 2007:
> >>     >
> >>     > (snip)
> >>     > >    Also, we know the NSA and DoJ have engaged in
> >>     > >    this type of activity in the past such as "working" with
> >>     Microsoft to
> >>     > >    secure vista and having their private key inserted into
> > windows
> >>     > >    versions so they could decrypt things.
> >>     >
> >>     > I've heard of the Vista bit, but what are you referring to,
> > as far as
> >>     > having a decryption key for Windows stuff? I know they had
> > one in...
> >>     > What was it? Lotus Notes?
> > 
> >>     He's probably referring to the "NSAKey" key in NT 4.  For more
> >>     information, see
> >>       http://en.wikipedia.org/wiki/Nsakey
> > 
> >>     It's a secondary code-signing key, allegedy to be used if their
> >>     primary code signing key needed to be revoked.
> > 
> >>     If you believe Microsoft, the key was called "_NSAKEY" because
> > it was
> >>     introduced in order to meet NSA requirements for a secondary key.
> >>     Naming things after the software or organization that requires
> > them,
> >>     rather than after their actual purpose, is not unusual for
> > Microsoft:
> >>     Their office XML spec is littered with stuff like the notorious
> >>     AutoSpaceLikeWord95.
> > 
> >>     Personally, I don't believe that contemporary operating
> > systems are so
> >>     secure that the NSA would rather have security holes
> > custom-built for
> >>     it instead of just using the ones that are already there.
> > 
> >>     peace,
> >>     --
> >>     Nick
> > 
> > 
> > 
> 
> - --
> Eugene Y. Vasserman
> Ph.D. Candidate, University of Minnesota
> http://www.cs.umn.edu/~eyv/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iFcDBQFHfE9Qb9W6r3tKSVIRCFCkAQCPtuiKxhgKtxW2Id1PWP0eflsijZLfQ0E7
> VpMKZkyicgD+KoadZMAVD9D4gVIW6jRb/foF6ep34f+1KxKgygGOtHg=
> =I1sB
> -----END PGP SIGNATURE-----



More information about the tor-talk mailing list