Microsoft

MS response to NSA key backdoor in Windows 344

CitizenC writes "Microsoft has responded to the report of the allegations of leaving a backdoor in all of its products for the NSA. "

  • Either their explanation is a lie or they're dumber than I thought. Think about it...

    If you're worried that you might lose your car keys, do you install a special lock and have two different keys, or do you just have a duplicate key made?

  • What I get when I follow the link in the slashdot article:

    Microsoft VBScript runtime error '800a000d'

    Type mismatch: 'CInt'

    /security/inc/scripts.txt, line 279

    Great. Enterprise-class reliability, huh?

    -----

  • hmm, it sounds to me like they're saying "Yes, the keys exist, but No, M$ isn't going to give it to the NSA."

    Does Microsoft have a choice if the NSA requires them to give up a key?

    Something still stinks...

    numb
  • Considering that it's easy to just hexedit a new key in, that makes little sense. Besides that, you couldn't effectively revoke the old key since a great deal of crypto modules would depend on it, and the users would likely just ignore the 'upgrade'

  • from the microsoft page:

    http://www.microsoft.com/security [slashdot.org] -->


    THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.






  • Well, yes, this means that there are two keys that you can use to sign things (and three in Win2k). However, why Microsoft would need more than one is beyond me.. For that reason, I would call it a backdoor. (Not that the normal system appears to be very safe anyway..)

    I don't know if the so-called "NSA key" has actually been supplied to the NSA, or even if Microsoft takes much care to look after it. Unfortunately, each key that Microsoft adds will make their operating systems less secure..
  • The primary keys can be copied to backup locations with several methods. The first step is the one which Coca-Cola is known for: Break the secret into pieces and store the pieces separately.

    If each backup of the key is in eight pieces and in eight different places, there is a backup but stealing the backup is much more difficult. Proper procedures would involve a variety of protections, such as banks with no corporate relationships, vaults of different types, and differing attack types required. For example, a key piece inside a clear jar embedded in plastic hanging from the ceiling of the lobby of Microsoft headquarters would require a different theft method than the key pieces in safety deposit boxes, or the key piece tattooed on a director.

    A key can be backed up in ways which make it difficult to reassemble, but the key can still be secure while it is backed up. Particularly if the backups were also encrypted so a piece is even less useful...and the key for the backups does not need as much security as the backups themselves so one does not have to repeat this process ad infinitum.

  • Time for the court order to open the source! The truth is in there...

    Nope. The source will just tell you what we already knew:

    • There are two keys that can verify crypto modules
    • One of them includes the three letters "NSA" in the variable name

    To find out why there are two keys we would need to ask the people responsible. The answer to that is not going to be in the source. (Maybe a comment might have the answer to that question, but in my experience things like that generally are not commented.)

    Someone later down said that MS must be hiding things if they stripped out the variable names. Well, if I may use hyperbole to make my point, All commercial releases of everything strip out all variable names! The weird thing is that they forgot to on one service pack, not that they did before.

  • If MS has placed one or more backdoor entrances in Windows, whether for themselves or for NSA, can we really expect them to give a straight answer in public about what is clearly a matter of security?

    Of course they deny it. If they acknowledged placing such keys, they would embarrass themselves and the NSA (and would then have to concoct some new scheme for the future.)

    By definition, public statements regarding security issues are suspect.
  • But if you overwrite the NSA_KEY with a key of your choosing, you can then insert cryptographic modules signed using *that key* into WinX, and use strong crypto not authorized by MS (ie, outside the US)
  • Well, Windows Domain Controllers use password encryption. If you managed to insert a bogus crypto module for that mechanism, you could probably hack into any machine on the network.
  • NSA key or no NSA key, Microsoft and its customers would want to be worried if the key could be cracked. Could it be done? Perhaps distributed.net style?
  • by wampus ( 1932 ) on Sunday September 05, 1999 @01:43AM (#1703717)
    The following is a cut-n-paste of MS's response

    ---
    Microsoft VBScript runtime error '800a000d'

    Type mismatch: 'CInt'

    /security/inc/scripts.txt, line 279
    ---

    I don't know how anyone could argue with THAT.
  • But, if one key is compromised, MS can authorize a patch to replace all modules with ones signed by the other key, and remove or replace the compromised key. Assuming the bad guys don't get to you first...
  • anyone with any sense keeps something as sensitive as a key for 80m machines in a tamperproof hardware device

    I would even go further and say that the computer with this key is not only tamper proof, but has no way to get the key in or out of it. Imagine that you have a computer that will cryptographically sign whatever data you send to it over a serial line. It could also be prompted for its public key, and would return this to you, but under no circumstances would it divulge the private key.

    This means no backup, no restore. When the system arrives, you plug it in and it uses some internally shielded noise source to generate its key. Any attempt to physically remove this key would result in the system clearing this memory.

  • I'll buy that. I dislike MS as much as the next guy, but look at the other acronyms they use and how they conflict with other organizations/standards/etc. I had a suspicion of this when the article was first posted. Of course, there IS no way to determine if they're telling the truth or not... :)

    -Chris
  • by Zico ( 14255 ) on Sunday September 05, 1999 @05:25AM (#1703724)

    You need a backup (and I believe that the NSA requires it by law) so that if the first key ("key #1") needs to be revoked, you use the backup key to verify the new "key #1" that you receive.

    Frankly, I'm seeing a lot of paranoid posts in this thread without a lot of thinking being done. If Microsoft wanted the NSA to have a backdoor, they could just give them a copy of their own private key -- they wouldn't need to write a special new one.

    To put a compromised key on someone's system, you need to get administrator/root access. If someone gets administrator/root access on your box, they could do anything they damn well wanted to anyway, so what's the big deal?

    Cheers,
    ZicoKnows@hotmail.com

  • And a followup:
    ---
    The page cannot be displayed

    There is a problem with the page you are trying to reach and it cannot be
    displayed.


    Please try the following:

    Click the Refresh button, or try again later.
    Open the microsoft.com home page, and then look for links to the
    information you
    want.

    HTTP 500.100 - Internal Server Error - ASP error
    Internet Information Services



    Technical Information (for support personnel)

    Error Type:
    Microsoft VBScript runtime (0x800A000D)
    Type mismatch: 'CInt'
    /security/inc/scripts.txt, line 279

    Browser Type:
    Mozilla (X11; I; Linux 2.0.32 i586)

    Page:
    GET /security/bulletins/backdoor.asp

    Time:
    Sunday, September 05, 1999, 7:45:07 AM

    More information:
    Microsoft Support
    ---

    Seriously, anyone got a mirror without all the active server bullshit?
  • Looks like Word 2000, or whatever the M$ droid used to write that has a few bugs too. (shocking)

    "... been suggested by the government, because we because we don't believe..."

    Must be one of the Windows programmers... ;-)


  • But they failed to mention whether it was possible to compromise windows security by replacing the backup key with your own. On the other hand, this is the first document I've ever seen from MS that doesn't contain snippets of propaganda everywhere.

  • Rather than let the truth get out, the NSA used their backdoor key to get in and take down the MS server....

    Microsoft VBScript runtime error '800a000d'
    Type mismatch: 'CInt'
    /security/inc/scripts.txt, line 279

    ---
    Put Hemos through English 101!
    "An armed society is a polite society" -- Robert Heinlein
  • What's the allegation?
    The report alleges that a cryptographic key that ships as part of the CryptoAPI architecture is labeled "NSA key" and constitutes a "back door" that could be used by government agencies to start or stop system security services on user's computers.

    **Note the above comment made by Microsoft is very specific. Too specific. Where it refers to start and stop security services is deceptive. With the key they may have, it may totally bypass the security. Does anyone know this for sure?

    Thanks Sherm
  • We could conclude that they (MS) are telling the truth and we are too suspicious. But then again, maybe not. It has been said that "being paranoid doesn't mean that you're not being followed"...

    Possibly, Microsoft can not admit to having installed a backdoor simply because they are required so by law, and/or by a non disclosure agreement.

    I know one thing, this smells fishy and just reinforces my personal preference for Netscape or even better, open source Mozilla (btw, when will Mozilla finally give us the final gecko)?

  • by Cironian ( 9526 ) on Sunday September 05, 1999 @01:50AM (#1703733)
    a) They claim there is a second key so it can be stored at a different physical location for disaster recovery. Why not just make a copy of key #1 for that?

    b) If the 'NSAKEY' was really harmless, why did they in previous versions remove the symbol for it (but not for the other key)?
    1. For many reasons, Microsoft's excuse looks really lame, so let's assume it's a smokescreen.
    2. This being so, the so-called NSAKEY would indeed be a key owned by the NSA.
    3. We must then ask why would Microsoft allow the NSA a key and also deny the NSA's involvement?
    4. It would seem fair to assume that Microsoft would not assist the NSA without compelling reason.
    5. This raises the question as to what that compelling reason might be. Some sort of reward?
    6. If we assume that Microsoft's cooperation is motivated by self-interest, what kind of benefit can the NSA offer Microsoft?
    7. It is known that intercepted data is sometimes used for purposes of industrial espionage rather than just military intelligence.
    8. Microsoft could benefit from spying on the R&D projects of overseas companies, so this is a plausible means of the NSA gaining their favour.
    9. This raises the question as to why the NSA would care about Microsoft in the first place.
    10. Microsoft's success will lead to an even greater penetration of their products -- products which we assume have at least one NSA-requested feature. It is in the NSA's interests for this software to be widely used.

    Based on this line of reasoning, we could paint the following picture of the hypothesised cooperation between Microsoft and the NSA.

    1. The NSA benefits by having a widespread piece of software with certain "features" (and a general lack of security anyhow), such that it simplifies their job of further information gathering.
    2. Microsoft benefits by receiving industrial espionage data from the NSA with regards to (presumably foreign) companies.

    Don't you hope I'm wrong? It's just too sleazy for words.

  • by QuoteMstr ( 55051 ) <dan.colascione@gmail.com> on Sunday September 05, 1999 @01:51AM (#1703735)
    The "we had to create a backup" approach works with a physical, tangible object, but with something as easily copied as a set of bytes, there is no excuse to create a second key. The first key could have been copied as many times as the first and second keys combined.

    P.S. It's draconian for the NSA to limit what you could insert into an existing cryptography framework... even if that module is developed outside of the US! Pathetic.

    P.S.S. I would have named such a key "Checkkey", "BackupKey", or something similar. NSAKey is simply too suggestive to even risk putting into a piece of code.
  • The original [British] government bill on electronic commerce required a third party to hold a key for any encrypted message - ie key escrow. I recall a certain large software company strongly endorsing the proposals...

    No matter what it looks like, there isn't a .sig here.
  • True, Why would the 'backup key' survive but not the primary one? What's more likely is that it will double the time it takes to crack both keys.

    And let's face it, it's going to be much more fun cracking these keys cf. the RSA des/RC5 challenges.

    Maybe the bovine lot would care to host such a distributed microsoft attack?

    The keys are probably copyright anyway (can you copyright a key?).

    Has anyone extracted the keys, are they plain old des/rc5 or are they something MS/odd?



  • Hey Microsoft, there's one way you can prevent any further accusations, show us the source! If you have nothing to hide then fork up the source to your accusers and say "check it pal, no back door" or are you afraid of what they might find?
  • > What grammar issues?

    In the sentence "Microsoft does not leave 'back doors' in our products", the word "does" is the third person singular form of the verb "to do", whereas "our" refers to the first person plural.

    Well, you did ask.
  • 1) Never implied other firms did not put
    broad disclaimers on their sites.
    2) Specifically noted that it was a
    boilerplate disclaimer.
    3) Protecting oneself from random litigation
    is reasonable. Making assertions about
    how one treats customers and then
    stating your assertions have no meaning
    is simply amusing.

  • This dude is asking for trouble- the topic has nothing to do with linux. I would like to see more of his poems(?)/songs though
  • This scheme would be even safer than a backup key.

    One could argue that if someone steals one piece of the key, this person would be able to eliminate all keys that don't have that piece from a brute force attack. To solve this, the key owner could create a symmetric key to encrypt the backup key, divide it and store it in pieces with the backup key; by doing this it makes it harder for a person who steals one piece of the key to get info about the final key. Only when one steals all the pieces would he have the key to decrypt the backup key.

    Since crypto keys are basically random numbers, a brute force trying to decrypt one piece of it would be useless, since the attacker won't have a way to check if the key is decrypted or not.


    --
    "take the red pill and you stay in wonderland and I'll show you how deep the rabbit hole goes"

  • s/Unix/VMS/g (I think - my sed's a bit rusty)
    --
    Cheers

    Jon
  • ONE LAST TIME. symmetric and asymmetric key lengths are totally different beasts! a 512bit asymmetric key being cracked says very little about 128bit symmetric key security. Please learn about cryptography, since you KNOW you can't trust companies or the government about it.
  • "grammar"

    You do realize that it's impossible to write a post criticizing someone else's use of language without misusing language yourself, right?
  • Why is it called NSAKEY why not like WEHATELINUXKEY or something. Besides if the NSA reviews it for compliance, doesn't that mean that they have it?

  • So what? Suppose the NSA did demand that Microsoft
    surrender their keys? This has no appreciable
    impact on the security of Microsoft's customers
    whatsoever.

    The crypto keys are purely signature keys used to
    verify the authenticity of crypto modules loaded
    into NT. They do not provide any access to
    material encrypted with these modules.

    I really don't know what all the fuss is about. There
    are enough genuine reasons to dislike MS products without having
    to invent spurious ones based on a foolish and naive
    misconception of the technology involved. It just damages the credibility
    of 'the cause'. (however you define it)


    Simon Hibbs
  • They may have responded like it's no big deal, yet if all they said is true, the keys are still there! The CSP's they speak of could have been handled through another method, and surely not as inconspicuous as they are now.

    Secondly, how can we know the validity of their arguments? For an example one must merely take a look at BackOrifice [l0pht.com].

    Once again I feel even more secure staying in my safe Linux environment, I have access to the code and that is great leap above and beyond anything that Microsoft can offer me.

  • You're right - the NSA DOES have some clue in regards to information security - and this IS why they "offered" the advice....if you get my drift?

    It's patently obvious that the Microsoft response to these allegations doesn't cut the cheese. Why have a backup key if a backup copy of the original key would be just as easy to store?

    Equally, arguments that say M$ has a second key in case of compromise of the first don't hold any water - why didn't microsoft just say this was the case?

    The NSA's concern with information security is that everybody else's information may be too secure...hence the NSA_Key solution!

    -Shane Stephens

  • Far be it from Microsoft to LIE or anything.


    "Its not a car. It is merely a steerable metal box with four wheels and an engine, nothing more."


    Bowie J. Poag
  • once upon a time i was reading some pages at www.microsoft.com with my netscape on my linux box. pages were related to DOJ vs. MS law-suit. there were (on MS' pages) also possibility to write my opinion about the case.

    so i wrote it and submitted.

    but submission failed. it failed more than once. to be more precise, i tried 4 times and it failed 4 times. (error: Microsoft VBScript runtime error 'XXXXXXXX')

    so i take action based on info from error page: go to another page and fill error report.

    error report asked about lots of things but two of them were OS and BROWSER.
    i happily fill them with "linux" and "netscape".

    error form submission failed too. i tried 3 times.

    then i "corrected" those two fields to "windows" and "explorer" and - surprise - error form worked!

    after some time some person from MS tech-support contacted me. so i repeated my original reports about errors in their forms.
    i received reply: linux is not supported by us

    i tried 3 times to make argument that such errors are not related to my machine or browser (only in case their scripts are handling such info and are handling it with less success - which is again not my fault).
    i failed.

    what's the point?
    maybe the only legitimate and truly meant "response" from microsoft is "runtime_error-we_do_not_support_that-internal_server_error-server_is_busy-...

  • Like the NSA actually needs a backdoor key to get into a user's computer system! What a joke.
  • If MS used only one key, it would be impossible to change it when it was compromised, but with two, you could use one to change the other.

    But as the press release pointed out, it is possible for anyone to change the key now. They gained nothing from two keys, but they enabled the installation of any unapproved crypto. All the installer needs to do is quietly patch over the second key. If there were only one key, it would be much harder.

    Of course there is the maxim: "Never attribute to malice what can be explained by stupidity". In the case of MS and US govt. I can certainly buy the stupidity argument.

  • But if that's Microsoft's reasoning, then why didn't they say that, instead? And since they didn't say it, doesn't it seem somewhat less likely that that is their reason?
  • Buffer Overflows are a result of a lack of bounds checking. This is a logic error. Logic errors are the one hardest error to detect in programming. The reason there are so many buffer overflows are because when you program, you don't

    Buffer overflows could be avoided by using a language which has bounds checking built in.

    - Aidan

  • More than a few of the people posting on this thread could use a nice chill-pill.

    http://ntbugtraq.ntadvice.com/default.asp?sid=1&pid=47&aid=52 [ntadvice.com] has a very reasonable outsider's perspective of what this issue is about.

    Furthermore, there seems to be some confusion between CSP's and providers of authentication on NT. Assuming the worst possible case (e.g., the NSA can break everything encrypted via CryptoAPI), this has nothing to do with someone subverting LSA or kerberos and logging onto your system and reading or modifying your files.

    In other words, you should really only be concerned if you're using the CryptoAPI to encrypt sensitive stuff. If you don't trust the CryptoAPI, then you can always use something unrelated, like PGP. But if your paranoia level is that high, then maybe even PGP has "backdoors" that you're unaware of...

  • Um, have YOU ever heard of something known as SCOPE? Since the key is the same for EVERYONE, no single warrant would have the power to cover it, unless EVERYONE with Windows (either individually, or by inclusion) were named in the warrant. No judge in his right mind would sign a warrant that broad.

    And while we are at it, what possible reason could be cited for the need to have this Key? It's not used to encrypt anything, just to verify the validity of an encryption module.
  • After reading the MSFT disclaimer at
    the bottom of their comment on the
    alleged backdoor, it is hard to
    take anything they say seriously.

    For those who didn't read the small
    print, here it is:


    September 03, 1999: Bulletin Created.

    THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

    Now, this does read like standard lawyer
    CYA BS, but when they're telling you to
    trust them and following the statement
    with an overarching disclaimer...well,
    I don't have to be a crypto expert to
    know *my* security is best served elsewhere.

  • "We do not share them with any third party, including the National Security Agency or any other government agency." Who's the Second party? I don't remember getting a copy of the key. Bad grammar, or subtle wordplay?
  • must be another "de-facto standard"
  • Yes, that's right, it's for executable code.

    But verifying and executing are two very different things. If you don't install it it won't run.
  • is this quote: "Sun has had run-ins with the NSA in the past. Two years ago, the NSA objected to Sun including encryption in the exportable version of Java 1.1. The end result was that Sun stripped encryption out of Java 1.1 and the software was delayed by about six months."

    I remember this delay, and I don't remember Sun ever mentioning it was due to NSA related issues... which is fine, but what I do remember is that MS drug them through the mud over the delay!

    Now, considering how everyone in these circles usually knows what's happening to everyone else involved, I would say that it's a good bet that MS knew the real reason behind this delay, and knew that Sun wouldn't say anything, and took the opportunity to kick an opponent when he's down (not like they don't always do this), but somehow this BS from MS, never ceases to amaze me...

    Sigh and yawn...
  • Isn't Echelon supposed to be doing industrial/economic spying for American businesses? The sort of arrangement you describe would fit in nicely to that scheme. Of course the compelling interest of Microsoft to obey the NSA might just be pictures of Bill Gates' micro-softy, or access to old-boy's networks at the DOJ and Federal Court system.
  • by Anonymous Coward
    This is used to verify such things as Active-X and Java applets I believe. So now the NSA can sign things and you will run them. For the NSA to do a hidden redirect when you go asurfin would be pretty easy for them, I bet. Hence, it is a backdoor. It is a bypass of the security model (which, unfortunately, is based on the premise that you trust MS. Probably, you don't, but the NSA doesn't either.)
  • The backup key is needed for disaster recovery.
    Bullshit.

    Ever hear of offsite backups? Or commercial key escrow? Or n of m data splitting techniques?

    Either (1) this is an outright lie, or (2) Micro$oft doesn't know how to manage critical data. (And that's not an exclusive or.)

  • Microsoft's response indicating that the backup is there in case of disaster is simply nonsense.

    The first thing that occurred to me (and others in this thread) was that you need only make copies of the key to safeguard against its loss.

    Does it really seem likely that Microsoft has only one copy of a key on which their software depends? Not bloody likely. There must be redundant backups. Furthermore the key is probably not stored exclusively in some super-secret place; they need it to generate new builds, a process done on a daily basis. That means that the release engineering team has access to it and you can bet that they're not walking over to some ultra-secret building with the build bits every day.

    It makes sense to have a developer key (though it should really only be used in internal builds), but the only way it makes sense to have a second production key is if it belongs to a second party. There is no additional security provided by having a second key that wouldn't be provided by having backup copies of the first key. In fact, it's more secure since two keys gives you twice the targets in a brute-force search for the private key.

    So: I think we can take Microsoft's response as being pure bullshit. So why is the key really there?

    Consider this new evidence in light of the recent request by the DOJ [yahoo.com] for the rights to surreptitiously monitor your computer system given a sealed warrant. Well, that key would make it a hell of a lot easier to insert eavesdropping hooks, wouldn't it?

    Now, aside from not being all that keen on companies selling my personal information all the time I'm not much in the way of a privacy nut. If they want to monitor my system, hey, it's their time and energy to waste. But don't ask me to believe bullshit "backup key" arguments. It ain't so, and you're insulting me by suggesting it is.

    That key is there at the request of the US government, you can bet your last dollar on that. It gives them the ability to drop in a bug that can monitor any data manipulated via the crypto API. This is a better technological solution than key-escrow.

    Now here's the way you can use this in your favor: build a software package that checks the signature of the crypto API against the different keys. If you have one that verifies against the so-named NSA key then you're not using the stock Microsoft package anymore. And wouldn't that be interesting?
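
The check proposed in the comment above, combined with the key-patching scenario raised earlier in the thread, as an added example that is not part of any post and not Microsoft's code: it reports which trusted key validates a module and flags a trust slot whose key no longer matches a pinned fingerprint. Textbook RSA over SHA-256 with constructed toy keys stands in for the real signature format, which the thread does not describe; every name in the block is hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys


def toy_key(p, q):
    """Textbook RSA key from two primes (no padding; illustration only)."""
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}


# Constructed keys built from well-known Mersenne primes: trivially
# factorable stand-ins, not real vendor keys.
PRIMARY = toy_key(2**127 - 1, 2**89 - 1)
SECONDARY = toy_key(2**107 - 1, 2**61 - 1)
ROGUE = toy_key(2**521 - 1, 2**607 - 1)   # a key the vendor never issued


def fingerprint(n):
    """Stable identifier for a public modulus."""
    return hashlib.sha256(str(n).encode()).hexdigest()


# Fingerprints recorded from a known-good install (hypothetical pin list).
PINNED = {"primary": fingerprint(PRIMARY["n"]),
          "secondary": fingerprint(SECONDARY["n"])}


def _digest(module, n):
    return int.from_bytes(hashlib.sha256(module).digest(), "big") % n


def sign(module, key):
    return pow(_digest(module, key["n"]), key["d"], key["n"])


def verifies(module, signature, n):
    return pow(signature, E, n) == _digest(module, n)


def replaced_slots(trust_store):
    """Slots whose key differs from the pinned one (checked before any load)."""
    return [s for s, n in trust_store.items() if PINNED.get(s) != fingerprint(n)]


def audit_module(module, signature, trust_store):
    """trust_store maps slot name -> modulus found on the machine.
    Returns (verdict, slot) for the first key that validates the module."""
    for slot, n in trust_store.items():
        if not verifies(module, signature, n):
            continue
        if PINNED.get(slot) != fingerprint(n):
            return ("alert-key-replaced", slot)    # validated by a patched-in key
        if slot != "primary":
            return ("review-secondary-key", slot)  # not the stock signing key
        return ("ok", slot)
    return ("reject-unsigned", None)


if __name__ == "__main__":
    module = b"constructed CSP module bytes"
    stock = {"primary": PRIMARY["n"], "secondary": SECONDARY["n"]}
    patched = {"primary": PRIMARY["n"], "secondary": ROGUE["n"]}
    print(audit_module(module, sign(module, PRIMARY), stock))
    print(audit_module(module, sign(module, SECONDARY), stock))
    print(audit_module(module, sign(module, ROGUE), patched))
    print(replaced_slots(patched))
```
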

  • I assume that the guys at Microsoft are paranoid enough to do code reviews on a regular basis. It is done in many major (and not-so-major) software companies to ensure code quality. As a side effect, if you are a developer and you want to introduce a security hole (or even an easter egg) in the "operating system", you would a) have to know in advance who is going to review your code and b) cooperate with your reviewer so that he will look the other way at the right page of code.
    On the other hand, there are plenty of easter eggs (up to entire little game engines) inside the code for M$ products. This shows that it is possible for the M$ developers to hide significant portions of code from their management. So there is no technical but rather an ethical restriction on how malicious hidden code inside Windows can be.
    Ergo, if there's enough really pissed developers who gather and introduce a backdoor into Windows, it could be possible.

    Hey, wouldn't that be something? Let yourself be hired by Microsoft, gather the disloyal employees around you and ruin the product!

  • The FBI wants capacity to be able to tap 1% of domestic calls simultaneously.

    European gov't complains about (and reveals the existence of) Echelon - a keyword scanning station.

    In marrying those two, you end up with very impressive domestic surveillance capabilities. Agents no longer need to actually "listen" in on phonecalls that may or may not be deemed suspicious, as Echelon can monitor telephone, fax, email, etc... Probably merge all those results together and give a very detailed account of people, based on their insecure communications.
  • They must have posted this so quickly that they couldn't even have it proofread... Nervous? Probably...
  • Well I'm sure they've already broken other laws...what's one more?
  • by Anonymous Coward
    Incompetence is always credible from MS.
  • by coyote-san ( 38515 ) on Sunday September 05, 1999 @06:38AM (#1703808)
    Something just occurred to me. Regardless of whether MS uses hardware or software encryption, it's possible to use the threshold problem to break a secret into multiple N pieces where any M are sufficient to reconstruct the key, but M-1 are not. (Not all hardware signers have this ability, but IIRC some do and it's a prudent precaution.)

    That means that MS could take their primary key, apply a (7,4) algorithm on it, then put the pieces in a safe deposit box in Seattle, New York, LA, Boston, Atlanta, Denver, and Calgary. Any four pieces are enough to reconstruct their private key.

    If four of those keys are unavailable at the same time, then Microsoft losing its private key will be among the least of our problems. No pair of cities, except Boston & NY, are within 1000 miles of the others so only an "extinction level event" would take them all out at the same time.

    Conclusion: MS is blowing smoke. Either they're totally incompetent, they're lying, or they have a profound breakdown in internal communications. (The same options apply to the "advanced web programming" (HTML forms) comment regarding the hotmail fiasco.)
  • So True. The nerds that don't hate MS are using Linux, *BSD, etc. Those lucky nerds can ignore MS. The nerds that hate MS are using NT or even worse 95/98.
  • I hadn't even thought of that :) I was tied up in thinking why you couldn't just have a backup. I mean, what if someone stole one of the backup tapes and started releasing signed copies of BO :):):):):)
  • You need a backup (and I believe that the NSA requires it by law) so that if the first key ("key #1") needs to be revoked, you use the backup key to verify the new "key #1" that you receive.

    I can see why Microsoft would want to do this, so they don't have to spend millions on a worldwide upgrade of all windows systems (like the Pentium bug), but why would this be required by law? There is no element of "national security" of any interest to the NSA in this, unless there's something Microsoft is not telling us.

    We probably found something, but it isn't what we think it is, so Microsoft is trying to create a diversion to put us off track by pretending the key is only used for CryptoAPI, when really it is being used for other things as well. Someone should really see what else this key can be used for.
    --------
    "I already have all the latest software."
  • by Zico ( 14255 )

    I've got my very own stalker! I finally hit the big-time, ma!

    Cheers,
    ZicoKnows@hotmail.com

  • These MS-signed crypto modules run as the super-user (as every MS component does). These modules could contain any code at all.

    I could write a module that, when fncDo_crypt function is called, spawns a (hidden) remote-access server that allows me to control the computer, access files, etc. If MS (or the NSA) signs it, I have access to everyone's computers (and I can flag the most sensitive data - the stuff that was supposed to get encrypted).

    Don't trust MS crypto, nor even PGP (it's proprietary, though I guess it's better than MS-CruftAPI), but only OSI-Certified OSS alternatives, such as GnuPG.

    'Nuff Said.
    --------
    "I already have all the latest software."
  • my first reaction was I'm glad I'm not running any version of Windows as my primary home OS.
    No matter what MS say, how will anyone know for sure whether what they say is true or not? The only OS you can truly trust is one that gives you its source code...
  • by platypus ( 18156 ) on Sunday September 05, 1999 @06:58AM (#1703823) Homepage
    This is an excerpt from a summary [securityfocus.com] of the internet auditing project.
    Friday, our Japanese participants discover that a computer on their company network has been cracked into, one very secure Linux box running only SSH and Apache 1.3.4. Now this would definitely send a chill up your spine if you knew just how fanatic our friends are when it comes to network security. Furthermore, they only detected the intrusion three days after the fact, which is unbelievable when you consider the insane monitoring levels they've been keeping since they agreed to participate in the scan. They would have noticed any funny stuff, and in fact, they did, lots of it, but none of which came close enough to a security breach to raise any alarms.
    [..]
    The attacker knows the employee's username and password and is even connecting through the employee's Japanese ISP on the employee's account! (the phone company identified this was an untraceable overseas caller)

    This information could not have been sniffed, since network services are only provided over encrypted SSH sessions.

    Further investigation shows that this employee's personal NT box, connected over a dynamic dialup connection, had been cracked into 4 days earlier.
    [..]
    How the NT box was cracked into in the first place is still a mystery. The logs weren't helpful (surprise! surprise!) and the only way we were even able to confirm this had happened was by putting a sniff on the NT's traffic (following a hunch) and catching those sneaky packets red-handed, transmitting our SSH identification down under.

    Hmmm...
  • The whole issue of whether or not the NSA has a backdoor into CryptoAPI is moot, frankly. What's being missed here is that the system allows *arbitrary replacement* of the backup key, which would allow *any arbitrary CSP* to be installed for system use *without user intervention or knowledge*.

    How long before we see a trojaned CAPI with an installer that replaces the backup key? While there is potential for abuse by law enforcement, there is also *significant* risk of key compromise by third parties as well.

    Where would you like your keys to go today?
  • I am not completely sure how MS Crypto works, so I am asking this not as flame bait. Is MS saying in this press release that the government does not have keys ("Back doors"), but MS does? Someone please clarify this. Thanks
  • by Dwonis ( 52652 )
    pronounced "GRA-mer"
    --------
    "I already have all the latest software."
  • by TedC ( 967 ) on Sunday September 05, 1999 @01:53AM (#1703830)
    ...but NSA really stands for "NT Sucks Already".

    I guess their explanation could be true, but I would still feel a bit nervous about using Windows after reading this. Fortunately this issue doesn't concern me. :-)

    TedC

  • This is simply unrealistic. You are arguing that simply having backups makes data insecure, regardless of where the backups are stored. Granted the key is only as secure as the weakest link (or backup), but multiple copies are needed in this case. It's evident you've been watching movies a bit too much. Redundancy is needed in the world, no matter how secure/protected you think one site is.

    This isn't even worth arguing since this key isn't just a use once signature. Any new crypto packages approved by Microsoft have to be signed, meaning that somebody (or some group) has this key and is using it on a semi-regular basis. With Microsoft I doubt this person walks into the basement with retina scanners, multiple ID checks, and armed guards. Instead they log in to the corporate NT domain server to access it.
  • by Anonymous Coward

    "We do not share them with any third party, including the National Security Agency or any other government agency."

    One would be deluding one's self if it were thought that Microsoft doesn't have senior level programmers, product managers, etc., on the payroll of the NSA. Microsoft is too big and too important for that not to be the case. Similar things occur in places like GE and Boeing (for perhaps more obvious reasons), and you can bet that MS is in the same boat.

    That said, it is *extremely* doubtful that MS would have allowed this oversight to escape if the key had actually been a 'backdoor'. More likely they are telling the truth in this case.

  • check out:

    http://www.counterpane.com/nsakey.html
  • Now here we have a company whose entire history in respect to its security has been a joke. Their idea of secure has been to use a simple hash to hide user's passwords. And then comes out this piece about the back door and people are genuinely surprised, come on!

    You don't think M$ has a little hidden entrance for itself on top of that? I know it may seem a bit conspiratorial but you have to take into consideration the mindset of this company, basically absolutely ruthless. They'll do anything they have to in order to get ahead of the game, including in this case selling out their customer's security options just so they can sell overseas..

    Now I realize I use M$ products for the time being but their policies I do not agree with at all. As for this hype, ask yourself are you genuinely surprised to find that it exists? This person isn't.

    toufic
  • So can speed.
  • by ptomblin ( 1378 ) <ptomblin@xcski.com> on Sunday September 05, 1999 @01:57AM (#1703841) Homepage Journal
    Can somebody explain to me why the primary key couldn't be stored in more than one place? Cryptographically, having one key stored in two places is no less secure than having two keys, each stored in one place.

    Hands up everybody who believes Microsoft's explanation? Nobody? No, I didn't think so.
  • Since no one seems to have really mentioned it, I felt I should point it out.

    Everyone seems to be focusing on Microsoft, but anyone who has read a Tom Clancy novel knows that the NSA will tell MS to lie about it until the day the company goes bankrupt.

    If the NSA says it is a matter of national security, then MS will deny any thoughts of ever considering an NSA back door, whether it is there or not. You could have 12 memos from MS VP's and 5 from the NSA that discuss standards for the NSA key and encryption algorithms, but MS would deny it till their servers are cracked and brought down, then go on denying the problem.

    It isn't really MS's fault. They probably don't have a choice.

    Why do you think open source advocates are painted in such a poor light? Somebody out there wants open source advocates to look like extremists and conspiracy hunters. If you want people to believe your story, discredit your opponents.

    I doubt MS let the NSA have a back door just because they thought it would be fun. Chances are someone told somebody else to do it. MS is just the pawn here.
  • Of course, there IS no way to determine if they're telling the truth or not... :)
    Well sure there is, if we could reverse engineer it back to source code, put our own key in it, recompile, then try to break in using that key. Only problem is the legality of such an action, not to mention the difficulty in successfully recompiling it. It would still be arguable either way afterwards.
  • The original article made no sense to me. This was an attempt by the overreactive anti-Microsoft community to bring out yet another security flaw. Not that there aren't plenty already. The original article needed much more substantiation before it was brought to the press.

    Frankly, I mistrust the freely available download to patch the bug more than I mistrust Microsoft's response. What a great way to fool people into downloading a virus: Call it a patch!

    Of course it is true: MS does have a back door in Windows, it's called "ActiveX" or "Microsoft Office" :)
  • You say, you can see why they wouldn't have backups all over the place. But isn't having 'KEY' at M$ and 'NSAKEY' at the secret MS-Vault 99 just as safe/insecure as having 'KEY' at M$ and another copy of 'KEY' at the second location?

    Although as easy as it is to hack into MS systems, I suppose the NSA key might rather be for NSA internal usage; that way they could sign crypto modules that they don't want anyone else to see.
  • Don't believe anything that Gates says.

    Of course they've left a backdoor open for the government; it's all part of their negotiations with the DOJ: They've been given the green light to secure a monopoly so long as the government is allowed to access each and every computer that has installed Windows.

    It's so painfully obvious that it pisses me off when people try to refute it. The government is *counting* on your passivity!

  • My only gripe is why the software I have to have to use Linux has buffer overflows at all. In particular, why doesn't Red Hat examine the code before a new release, rather than signing me up for a "b.o. fix of the week club" for several months after the release.

    It's not like buffer overflows are a new thing in the world. Couldn't all the standard components that ship with Linux be audited and fixed once, and stay fixed thereafter?


  • What I can say about it is that, for higher security, you don't usually make copies of the private key, even if possible. I won't enter the details of it, but put simply: how much would you trust a key that you can make copies of?

    More to it: in high end security solutions the key is held in hardware, be it a smartcard or a more complex CA card or box. These pieces of hardware are initialized and they keep the key in such a way that it is, virtually, impossible to copy out of it.

    The bugger being: you lose the card, you lose the key. I even understand the double key, giving them a backup plan in case the first key is lost, and I see nothing wrong with it.

    There is a problem in all this, and Microsoft didn't answer that bit, the most important bit of the issue: if it's so easy to change one of the trusted keys, as the original article showed, how can we trust the crypto units "certified" by Microsoft?

    A scenario could be the following: Eve wants to see what's going on between Bill and Laura, ships to them both a piece of software "signed by Microsoft", this piece of software, during the installation, changes the backup key to a key known by Eve, and installs the evil CAPI that makes a copy of all the communication going on between Bill and Laura, encrypts it with the public key of EVE and sends it to her.

    Do you see the hole?

    A smile,
    Fabio
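
The trust problem raised in this comment, and in the earlier comment about arbitrary replacement of the backup key, modelled as an added example (not code from the thread, from Microsoft, or from CryptoAPI). A loader that accepts a module when either of two embedded keys verifies it keeps working normally after the backup slot is overwritten, so nothing visibly breaks; `TrustStore`, `load_module`, `load_module_pinned` and the toy RSA keys are hypothetical, and the pinned fingerprint is assumed to be held where an installer cannot rewrite it.

```python
import hashlib
import hmac

E = 65537  # public exponent shared by all toy keys


def make_keypair(p, q):
    """Textbook RSA from two known primes. Toy key, for illustration only."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))     # (modulus n, private d)


def _digest(module, n):
    return int.from_bytes(hashlib.sha256(module).digest(), "big") % n


def sign(module, n, d):
    return pow(_digest(module, n), d, n)


def verify(module, sig, n):
    return pow(sig, E, n) == _digest(module, n)


class TrustStore:
    """Hypothetical stand-in for the two verification keys inside the OS."""

    def __init__(self, primary_n, backup_n):
        self.primary_n = primary_n
        self.backup_n = backup_n

    def fingerprint(self):
        anchors = f"{self.primary_n}|{self.backup_n}".encode()
        return hashlib.sha256(anchors).hexdigest()


def load_module(store, module, sig):
    """Loader as the thread describes it: either embedded key may vouch."""
    return (verify(module, sig, store.primary_n)
            or verify(module, sig, store.backup_n))


def load_module_pinned(store, module, sig, shipped_fp):
    """Same check, but refuse outright if the anchors are not the shipped ones.

    Assumption: shipped_fp lives somewhere an installer cannot rewrite.
    """
    if not hmac.compare_digest(store.fingerprint(), shipped_fp):
        raise RuntimeError("trust anchors differ from shipped values")
    return load_module(store, module, sig)


def scenario():
    # Constructed toy keys built from Mersenne primes (trivially factorable).
    primary = make_keypair(2**127 - 1, 2**521 - 1)
    backup = make_keypair(2**107 - 1, 2**607 - 1)
    foreign = make_keypair(2**89 - 1, 2**1279 - 1)   # not the vendor's key

    store = TrustStore(primary[0], backup[0])
    shipped_fp = store.fingerprint()

    vendor_module = b"constructed sample: vendor-signed module"
    foreign_module = b"constructed sample: module signed by another party"
    vendor_sig = sign(vendor_module, *primary)
    foreign_sig = sign(foreign_module, *foreign)

    results = {
        "vendor_before": load_module(store, vendor_module, vendor_sig),
        "foreign_before": load_module(store, foreign_module, foreign_sig),
        "pinned_before": load_module_pinned(store, vendor_module,
                                            vendor_sig, shipped_fp),
    }

    store.backup_n = foreign[0]     # the backup slot is overwritten

    results["foreign_after"] = load_module(store, foreign_module, foreign_sig)
    # Vendor modules still verify under the primary key, so users see no change.
    results["vendor_after"] = load_module(store, vendor_module, vendor_sig)
    try:
        load_module_pinned(store, foreign_module, foreign_sig, shipped_fp)
        results["pinned_after"] = "loaded"
    except RuntimeError:
        results["pinned_after"] = "refused"
    return results


if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name:15} {value}")
```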

  • > Even if this were a real issue no one would believe it.

    I would have said, "Even if MS is telling the truth (for a change), no one would believe it."


    > People (mostly the Linux community) have cried wolf way too many times.

    Heh. MS cries "wolf" regularly in the form of vaporware announcements, and a few people still seem to believe them.


    > At this point everyone just assumes you are lying in order to promote your agenda.

    I'm not so sure the story started among Linux advocates, and I know Linux advocates aren't the only ones raising the alarm.

    And besides, what kind of agenda are we supposed to expect from Microsoft? They'd give us the same denial whether they were guilty or not. Their disclaimer proves nothing. Being utterly predictable, it was information-free.

    If they do happen to be in the right (for a change), it would be no more than poetic justice to have them suffer a customer revolt based on misinformation. What goes around comes around, and all that.

  • Buffer overflows are a result of a lack of bounds checking. This is a logic error. Logic errors are the hardest kind of error to detect in programming. The reason there are so many buffer overflows is because when you program, you don't necessarily take into account that there are one million ways someone could try to create a security hole with your code. You could audit software once, but it's not going to stay secure, because with updates come more holes. And that's why companies like Red Hat keep releasing updates. Software gets updated periodically, and with that come new holes to be found. If distributions were to check all the code pre-release rather than relying on the author(s), they would all be released with considerably dated software. Unfortunately, it's a way of life.
  • by gleam ( 19528 ) on Sunday September 05, 1999 @02:20AM (#1703933) Homepage
    Microsoft Security Bulletin

    There is no "Back Door" in Windows
    Originally Posted: September 03, 1999

    Summary
    A report alleges that Microsoft "may have installed a 'back door' for the National Security Agency... making it orders of magnitude easier for the US government to access their computers". This allegation is false.

    What's the allegation?
    The report alleges that a cryptographic key that ships as part of the CryptoAPI architecture is labeled "NSA key" and constitutes a "back door" that could be used by government agencies to start or stop system security services on user's computers.

    Is the allegation true?
    No. Microsoft does not leave "back doors" in our products. This is in keeping with our historical stance on this issue. For instance, we have opposed the various key escrow proposals that have been suggested by the government, because we because we don't believe they are in the best interests of consumers or the industry.

    Are there two keys?
    Yes. However, both are Microsoft keys. We do not share them with any third party, including the National Security Agency or any other government agency.

    What's CryptoAPI?
    CryptoAPI is a Microsoft technology for providing cryptographic services. Vendors can develop stand-alone cryptographic modules called Cryptographic Service Providers (CSPs), which can then be called by any program via the CryptoAPI interface. For more information on CryptoAPI, see http://www.microsoft.com/security/tech/cryptoapi/default.asp.

    What are the keys in question?
    The keys are used to verify the digital signatures on CSPs.

    Why do CSPs have to be signed? And why by Microsoft?
    CryptoAPI is subject US export laws regarding cryptography. One element of this requires Microsoft to ensure that CryptoAPI will only load CSPs that meet US cryptographic export laws. This is done by digitally signing all CSPs. Before it loads a CSP, CryptoAPI verifies that the CSP has been digitally signed. Part of Microsoft's responsibility as the vendor for CryptoAPI is to sign the CSPs.

    When a vendor has a new CSP that they want to release, they submit it for signing and show that all export licensing has been received. Microsoft then digitally signs the CSP, and it can thereafter be used by CryptoAPI.

    Why are there two keys?
    There is a primary and a backup key.

    Why is a backup key needed?
    The backup key is needed for disaster recovery. To see why, suppose we had only one signing key. If a natural disaster destroyed the building in which it were kept, all of the previously-signed CSPs would continue to function normally, because the key used for verification exists in every copy of Windows. However, Microsoft would need to sign future CSPs using a new key. In order for these CSPs to be verified, matching key material would need to be provided to all of the millions of customers using Windows 95, 98 and Windows NT. Clearly, this would be a massive undertaking.

    This is why there are two keys. If something befell the primary key, Microsoft could thereafter sign CSPs using the backup key. Because the backup is already in every copy of Windows, there would be no disruption to customers.

    Why the backup key labeled "NSA key"?
    This is simply an unfortunate name. The NSA performs the technical review for all US cryptographic export requests. The keys in question are the ones that allow us to ensure compliance with the NSA's technical review. Therefore, they came to known within Microsoft as "the NSA keys", and this name was included in the symbol information for one of the keys. However, Microsoft holds these keys and does not share them with anyone, including the NSA.

    I heard that there is a third key in Windows 2000. Is this true?
    There is a third key present in the beta versions of Windows 2000, but it does not provide a "back door". It is simply a test key that allows the developers to sign test CSPs while Windows 2000 is under development. It will not be present in the production version of Windows 2000.

    Does this have any effect on CryptoAPI's compliance with US export law?
    No. The CryptoAPI architecture is fully compliant with US export law.

    Revisions September 03, 1999: Bulletin Created.




    ------------------------------------------------ --------------------------------

    THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

    © 1999 Microsoft Corporation. All rights reserved.

  • now, how could anyone refuse?

    incidentally, this has accidentally been through both a mac and a linux box since leaving ms, and is therefore highly offensive to every single person who reads /. Handle with care.

    Microsoft Security Bulletin

    There is no "Back Door" in Windows

    Originally Posted: September 03, 1999

    Summary
    A report alleges that Microsoft "may have installed a 'back door' for the National Security Agency... making it orders of magnitude easier for the US government to access their computers". This allegation is false.

    What's the allegation?
    The report alleges that a cryptographic key that ships as part of the CryptoAPI architecture is labeled "NSA key" and constitutes a "back door" that could be used by government agencies to start or stop system security services on user's computers.

    Is the allegation true?
    No. Microsoft does not leave "back doors" in our products. This is in keeping with our historical stance on this issue. For instance, we have opposed the various key escrow proposals that have been suggested by the government, because we because we don't believe they are in the best interests of consumers or the industry.

    Are there two keys?
    Yes. However, both are Microsoft keys. We do not share them with any third party, including the National Security Agency or any other government agency.

    What's CryptoAPI?
    CryptoAPI is a Microsoft technology for providing cryptographic services. Vendors can develop stand-alone cryptographic modules called Cryptographic Service Providers (CSPs), which can then be called by any program via the CryptoAPI interface. For more information on CryptoAPI, see http://www.microsoft.com/security/tech/cryptoapi/default.asp [microsoft.com].

    What are the keys in question?
    The keys are used to verify the digital signatures on CSPs.

    Why do CSPs have to be signed? And why by Microsoft?
    CryptoAPI is subject US export laws regarding cryptography. One element of this requires Microsoft to ensure that CryptoAPI will only load CSPs that meet US cryptographic export laws. This is done by digitally signing all CSPs. Before it loads a CSP, CryptoAPI verifies that the CSP has been digitally signed. Part of Microsoft's responsibility as the vendor for CryptoAPI is to sign the CSPs.

    When a vendor has a new CSP that they want to release, they submit it for signing and show that all export licensing has been received. Microsoft then digitally signs the CSP, and it can thereafter be used by CryptoAPI.

    Why are there two keys?
    There is a primary and a backup key.

    Why is a backup key needed?
    The backup key is needed for disaster recovery. To see why, suppose we had only one signing key. If a natural disaster destroyed the building in which it were kept, all of the previously-signed CSPs would continue to function normally, because the key used for verification exists in every copy of Windows. However, Microsoft would need to sign future CSPs using a new key. In order for these CSPs to be verified, matching key material would need to be provided to all of the millions of customers using Windows 95, 98 and Windows NT. Clearly, this would be a massive undertaking.

    This is why there are two keys. If something befell the primary key, Microsoft could thereafter sign CSPs using the backup key. Because the backup is already in every copy of Windows, there would be no disruption to customers.

    Why the backup key labeled "NSA key"?
    This is simply an unfortunate name. The NSA performs the technical review for all US cryptographic export requests. The keys in question are the ones that allow us to ensure compliance with the NSA's technical review. Therefore, they came to known within Microsoft as "the NSA keys", and this name was included in the symbol information for one of the keys. However, Microsoft holds these keys and does not share them with anyone, including the NSA.

    I heard that there is a third key in Windows 2000. Is this true?
    There is a third key present in the beta versions of Windows 2000, but it does not provide a "back door". It is simply a test key that allows the developers to sign test CSPs while Windows 2000 is under development. It will not be present in the production version of Windows 2000.

    Does this have any effect on CryptoAPI's compliance with US export law?
    No. The CryptoAPI architecture is fully compliant with US export law.

  • by dattaway ( 3088 ) on Sunday September 05, 1999 @03:24AM (#1703966) Homepage Journal
    Jeez, get a life. Get at least 2.0.38 please.

    No, I got the same page, yet the IIS scripts claim I have 2.0.32, not one of the 2.2 kernels. Why they don't just write a page and post it with a simple link is beyond me. They must have a network of scripts to spin every document that comes out of that place.

    It's like they are trying to automate their PR department by scripting. I'm waiting for someone to come up with a Microsoft PR generator page so anyone can create hype with a spin on the fly.
  • > very funny microsoft. ever heard of buffer overrun security issues.

    Yeah we all know how immune linux is to those.
  • No, you fool. This allows anyone (or, prior to the discovery of this Hole, the NSA) to replace your security and encryption module with a dummy one that could do anything... even transmitting your password and keys back to the NSA in a transparent form of Key Escrow. It's a hole. Oh, and btw, if pkunzip allowed anyone to unzip any password-protected zip file by using "bob" as the password, THAT would be a hole.
  • What do you mean, "erase the keys throughout the system in one felt[sic] swoop"? rm -rf /? That's always a danger? I'm talking about having this key on multiple systems. Say... Bill Gates's personal supercomputer, his flea's Athlon 650, and, of course, the omnipotent NSA. Creating a different key for each of those systems and hardcoding it into Windows (2k) only serves to reduce the brute-force key difficulty to 1/3 below nominal. That's like creating a version of *n?x that had two roots, "Bob" and "root", both without passwords. If you know one, what difference does it make whether you know the other? If you know both (as M$ does), what difference does it make whether a user hacks out one of them? A user is twice as likely to guess either "Bob" or "root" at the login prompt than he is to guess "root" alone, anyway. Say, for the sake of argument, M$ only does store two keys, one in Seattle, one in Redmond. Say Redmond is hit by an ICBM which happens to be targeted at the Microsoft building. M$ has now lost key #1. If they have key #2, they can continue to produce CryptoAPI modules. However, if they still have another copy of key #1, there is no difference!

    Of course, it would be asinine to store only one copy of each key.

    So, in short, having two keys allows:
    1. No increase in security or reliability
    2. An increased likelihood of the key being cracked by brute force.

    -----
  • by Anonymous Coward
    Has anyone noticed that there's a bill pending in Congress to allow law enforcement agencies to do exactly this?

    The proposed law would allow LEAs (with a proper warrant) to break onto the suspect's premises and somehow install software to surreptitiously disable passwords, encryption, etc., providing LE with full, ongoing access to all data and communications.

    When I first read about this proposal, it didn't make much sense; wouldn't LE need to break any existing security first, before installing their "backdoored" version?

    Now it all makes sense. At least in the case of Windoze, the backdoor is already there, specifically a mechanism that allows anyone to "sign in" a modified version of whatever security module is desired.

    Each event, viewed separately, is disturbing. Together, they're horrifying.

  • I'm a bit disappointed to be honest. MS respond to the hotmail attack by saying it wasn't a major problem and y'all (probably rightly) have a go at MS for giving evasive PR crap.

    Now they give a fairly detailed explanation that - to me (although I admit to not knowing crypto stuff) - seems to make some sense and be quite believable.

    Instantly /. is awash with "LIES FROM MS" posts.

    OK, some of the posts I read gave decent, thought out critiques to suggest the statement was fishy. But a whole lot more of them smack of the sadly very-common attitude of some /. people who see the word MS and hit the flame key without taking the time to consider the case on its own merits.
  • by coyote-san ( 38515 ) on Sunday September 05, 1999 @04:18AM (#1704027)
    *IF* Microsoft has half a clue, they're using a *hardware* encryption key to sign their most critical information. These are devices that require physical keys to operate, and they are designed so that they won't reveal their private keys. (Some allow "cloning" another hardware device, others do not.) In practice, these are items that are kept in your deepest vault and used to sign the software keys that you use for routine signing.

    Assuming MS uses one of the latter, having a "hot spare" might make sense...

    ... except, as the BUGTRAQ article notes, Microsoft's explanation still makes absolutely no sense. There's no apparent key hierarchy (isn't the crypto key signed by a master MS key?), there's no apparent rollover mechanism, and there's the insane assumption that there can only be one major physical disaster befall Microsoft. That's crazy; during the World Trade Center bombing at least one company had lost both primary and backup sites!

    Ironically, I find this makes MS's story seem *more* likely. The corporate culture is notorious for its "performance is not my problem; computers will be faster next month" mentality, and this ill-informed, brute force way of dealing with the subtle issues of key management matches that culture!
  • Microsoft seems to admit that there is a backup key and furthermore that a backup key needs to exist to "ensure compliance with the NSA's technical review". It seems to me pretty academic to argue whether they have already shared that "backup key" with anyone.

    But I'd ask the more general question: why does this surprise anyone? NT is not an open source product. It would be easy for any developer on the project to slip in a backdoor. Based on experience with other large software systems, I'd expect there to be dozens of backdoors in NT system and applications software. I wouldn't trust NT security further than I can throw a year's worth of MSDN CD's and documentation.

  • a) They have a second key as a backup, in case the first key would get compromised (such as being published by a pissed off M$ employee for example, or more likely, being cracked by some guys at l0pht :). With the second key they could sign some update which installs yet another new key.

    b) I guess some bozo at M$ just forgot to strip the release executables, nothing more.
    --
