NSA backdoor creates security hole in Windows
A number of people have written in with the news that Cryptonym has found an apparent backdoor for the NSA (called NSAKEY) in all current versions of Windows. However, you can open this backdoor yourself and install your own strong crypto module in place of the built-in one. More details are also online, but to be quite frank, we aren't quite sure on this one, so if you're more qualified to comment, please do so below.
Update: 09/03 11:19 by H: Thanks to Jens Hillman for more information from the German Chaos Computer Club. The webpage is in German; Babelfish it.
Re:Is it possible this is a decoy? (Score:1)
Re:Well, this is another argument for getting sour (Score:1)
It's all about control... (Score:1)
Re:We let the government decay to a dangerous poin (Score:1)
I remember him saying before Waco that the four best police agencies in the world were (in order) the FBI, the Texas Rangers, the Texas Department of Public Safety, and the Mexican Federal Judicial Police.
Every so often someone in the British establishment says 'British [X] is the best in the world'. It's always a sign of a major scandal brewing in [X], whether that's beef, banking or bureaucracy. 'The best in the world' means out-of-touch and complacent, and out-of-touch and complacent is very, very close to corrupt.
Re:That was a theoretical attack (Score:1)
Thanks for the correction - I had forgotten who had actually written the trojan.
--
Re:That was a theoretical attack (Score:1)
First, it isn't FUD, it was done - although (as another person pointed out) it was never released outside AT&T, which contradicts what I had originally read, but I guess Thompson would know better than I what he did with the Trojan.
Second - That doesn't eliminate my main point: There's no reason why someone with access to one of the main GNU distributions sites couldn't pull the same trick off today, by slipping the trojan into gcc.
--
Re:Sorry but that's BULL (Score:1)
MS has of course used this to imply that NT has been C2 certified -- worded carefully so as not to be an outright lie.
the begining (Score:2)
One more nail in the coffin... (Score:1)
Is it possible this is a decoy? (Score:1)
Fix it yourself? (Score:1)
Well, that's almost impossible for half of the Windows population.. and hardly possible for people who know what they're doing
How come I'm not surprised when I hear about more and more backdoors in Windows?
Matt
Will hasten retreat from Windows (Score:1)
(* By this I mean some compelling reason for overnight change.)
Previously, what it would have taken to get these people to switch from Windows to Linux was a more refined Gnome/KDE and a more graphical installer (sorry gui RPM, while powerful, is just too different).
Now they're scared..
Scott
Re:the begining (Score:1)
This could be very good for all open OS's. (Score:2)
I know if I owned a company, I sure wouldn't want NSA taking my company data to help out some American company. Yeah, sure, they are not supposed to, but what is to stop them.
So admins in countries other than US: start looking at open *nix systems. You can actually have some security with *BSD and Linux.
(Heh. Just like America seems to be the last country still holding off on the metric system, it will be the last country still using Windows.)
My 2 bits (Score:1)
Re:Isn't this illegal? (Score:1)
The problem that most people have is that some government agencies are a little loose about obtaining warrants, or alternatively the judges may be a little too loose about granting them. The very fact that they could be able to access all your data without your knowledge is what riles most folks.
errors (Score:1)
No one figured out that backdoor until Microsoft forgot to remove the explicit name NSA_Key in NT SP 5? What kind of joke is this? Or is it a programmer at Microsoft that's covertly working for the Open Source movement? :)
It could be a joke. It could be nothing at all. But why are there two keys- and why was this kept hidden? Sure, if it is the NSA that has backdoored Windows- that is a Bad Thing(tm). But I don't care if a janitor put it in there- a backdoor is a backdoor is a backdoor.
Also, I think that this would be exactly the way that the NSA would invade our privacy- through collusion. Why spend the time cracking an OS when you can have Bill and his boys save you the trouble? If you need another example, look at Echelon. Don't spy on your own people, spy on the others and trade the information. Same idea.
It's a decoy. The NSA has a backdoor somewhere else, much less obvious, and this is meant to make us believe the NSA backdoor has been found.
This is a real possibility, but I don't think so. Why bother making a decoy if the source is closed? We may have never found it had not someone dropped the ball with SP5. I'm not saying there aren't other backdoors elsewhere, for all I know the entire TCP/IP stack is rigged, but thanks to closed source and unethical collusion it's likely no one will ever know.
You know, many of us like to bash M$ (Score:2)
BUT, that does not give anyone the right to be pricks.
Someone I work with was just flamed by another person to whom my co worker had sent a document in an M$ format. The recipient was a Linux user, and the only geeks my co worker has encountered were me and the geeks here (i.e. some laid back MFs)
For many of us there is no alternative, we have to be compatible with other businesses. Yes, there are products that will open Word/Excel documents, but going back again is not always easy. Any of you ever try to open a Claris document in Word 98 on a Mac? It gets all buggered up.
Spreading the Linux/Unix gospel would be _much_ easier without people being smeg heads about it when someone uses a different platform. You want a Mac? Be my guest. You think Win98/NT is the bees knees? Knock yourself out. You want a powerful, stable
All we do when we flame people for standing up for M$ or using their products is make the Linux/Unix community look bad, like childish, bad tempered simpletons. It is counter productive to flame, mail bomb, or crack someone for using or liking another product.
Here is a neat idea. Before you write that flame, pretend that person is right in front of you. Or better yet, remember that it makes YOU look bad.
*rant mode cancel*
Sorry, I just don't understand why people who would otherwise be perfectly polite and cool suddenly become total a**holes over really stupid smeg.
blah blah blah, I'll shut up and drink my beer
Re:Computer "BUG" (NSA listens in) (Score:1)
even when on the hook
but I'm just crazy
NSA key to read Windows? (Score:1)
CryptoAPI pretty pervasive (Score:2)
How many people actually USE the cryptoAPI? It seems to me that unless you're using this stuff, all of this has no effect.
Pretty much everyone and everything under Windows, directly or indirectly ... ActiveX code signing, Outlook, Internet Explorer ... authentication, I think ... you name it.
Berlin-- http://www.berlin-consortium.org [berlin-consortium.org]
Re:We let the government decay to a dangerous poin (Score:1)
I don't care if Hoover did spend his leisure time in a nice Chanel day-to-evening and tasteful-yet-daring Ferragamo pumps -- he got in and kept good people who did real detective work. They went out and they detected. And having known quite a few of them, I have to say that they were remarkably good people, in an absolute sense of good. They didn't lie, cheat, or steal. They were good to dogs and children. They were morally inflexible, but that was understandable. I don't know what happened to those people and people like them.
Lately, with the latest unpleasant revelations about whatever the Hell happened in Waco, there has been a lot of footage of the Texas Rangers testifying before Congress. They are big, fat, sneaky-looking rednecks. They are probably vicious and quick on the trigger. And damn but they do look like good detectives. Where the attorneys for the FBI keep saying things that don't make sense, the Texas Rangers are direct and clear and so obviously in contempt of the FBI that it is hard for me to watch it.
My father is not around to see this (pancreatic cancer), but I remember him saying before Waco that the four best police agencies in the world were (in order) the FBI, the Texas Rangers, the Texas Department of Public Safety, and the Mexican Federal Judicial Police. After Waco, he never brought it up again.
The iron law of bureaucracy is that only first rate people promote first rate people. Second rate people promote third rate people, third rate people promote fourth rate people, and so on. I think that it is time for housecleaning in at least one area (the FBI). Clearly, this can be extended to other places.
Re:Stealth Operation? (Score:1)
In SP5 they made some mistake, due to which the alleged backdoor can be seen.
I still don't believe it's really a backdoor though until I see some proof of that, but hey, it's nice pro-Linux press.
Greetings,
Ivo
Some NSA backdoors are explicit (Score:5)
Second, every copy of Lotus Notes carries an explicit NSA backdoor, called the "Cryptographic Differential Work Factor". Essentially the point is that part of every secret key is encrypted with the NSA's public key, so where we would have to brute-force 128 bits to get in, they have to brute force only 40. So there's precedent; it's not as implausible as some people here seem to think. It may not be a back door in the simplistic way some people are thinking of, though.
The algorithm the guy used to find the key is documented in Adi Shamir and Nicko van Someren's paper "Playing Hide and Seek with Stored Keys" - you can find a link to the paper here [demon.co.uk] alongside my implementation of the technique described.
--
Re:Comedy of errors (Score:1)
4) The NSA just wants to make it easy for them and if MS didn't screw up probably no one would know. Who the hell wants to hack into a box when you can have a backdoor. Also there is nothing saying a foreign agency of some sort couldn't make NT less hackable, although IMHO they would be using Unix in first place but you never know.
Of course this assumes the whole thing is really what it looks like.
who knows these days, eh?
vmware (Score:1)
Who am I?
Why am I here?
Where is the chocolate?
Re:Encryption is needed now! (Score:1)
Let's see...
First Microsoft uses questionable business practices to monopolize the market, and the government is a little slow in acting upon that, ensuring Microsoft products like Windows and Office are installed on most of the world's PCs.
Then we see articles like this: Feds Want Access to Your Machine [209.207.224.40] where the Government wants to make it easier to search for passwords and override encryption using 'devices, if necessary'.
And third, we find that (if this is true) function calls to make access easier may already be installed on Windows computers.
wings
Re:Encryption is needed now! (Score:1)
Re:Isn't this illegal? (Score:1)
anything it wants to.
It's a free country.
mama if that's moving up then I'm moving out (Score:2)
a) The leasing company owns it, I just pay to use it.
b) The leasing company has a key which they use to enter my apartment with or without my consent.
c) They take their sweet time about fixing stuff.
If someone were giving away free land with housing on it I'd move in a nanosecond because:
a) I would not have to continually pay the leasing company rent despite shoddy maintenance.
b) No one else gets a key unless I give it to them. I still can't stop a determined government agency from barging in, but at least they can't just waltz in because the leasing agency doesn't mind handing over my key.
c) I'll deal with mowing the lawn myself especially if the house is well built and helpful neighbors take care of fixes/improvements in a timely manner--free of charge no less!
I'm not exactly hopeful that I'll find such a situation, at least not in RL.
numb
We need verification! (Score:1)
Re:Stop being so paranoid!!!!!!!!!!!!!!!!!!!!!!! (Score:1)
The phrase "If you ain't breakin' the law you ain't got nothin' to worry about" was one used frequently by government snoops during the McCarthy era witch hunts.
And you will hear Nazis uttering similar phrase too in old grade B black and white melodramas.
If you are not doing anything illegal then the government does not even have the right to inquire and we need to make sure it stays that way.
Yet another reason to abandon Micro$oft. Real operating systems don't need mice.
Menwith Hill (Score:1)
Re:Shocking (Score:1)
Oh, and miss the golden opportunity of a story to put X-Files to shame? It's all really obvious to me.
JFK Jr. knew about it, and tried to counteract the NSA by flying away to Mexico in a plane. Now, the NSA were afraid, so they contacted Naval Intelligence, who downed JFK Jr.'s plane by using the HAARP project and a bit of plutonium from Cassini.
But fortunately, the aliens infiltrated Microsoft (not that it's hard) and they mind-controlled the programmer to put the REAL key value of NSA_KEY in place! And it's up to the Linux community to save the world and provide strong crypto to dolphins so they don't end up in the FBI's tuna salads.
It's not because it's false that it ain't fun. :)
"There is no surer way to ruin a good discussion than to contaminate it with the facts."
Off-Topic, but really funny... (Score:1)
where the last few words actually mean "the so-called Crypto API" (and are short for "die sogenannter Crypto API"). This is translated by BabelFish as
which is in fact a very quite appropriate translation, even if it is right for the wrong reason...
One assumes "sog" is the past perfect conjugation (sp?) of a verb that actually means "to suck" in a more or less literal sense.
Re:Computer "BUG" (NSA listens in) (Score:1)
but I'm just crazy
No, you're not necessarily crazy.
The way I remember it here in the Netherlands a group of criminal defense lawyers complained about a year ago. In a lot of their cases a phone tap was authorized against (suspected) criminals, after which the police reports mentioned that the phone was accidentally off the hook while criminals were chatting (not on the phone mind you, just in the room) about their endeavours.
The lawyers thought, 'hey our phones are never off the hook, why are our clients so clumsy!'.
So some independent institute (not Mindcraft) did some tests and as it turns out for a lot of phone networks in the Netherlands, when you put a high frequency directly on the twisted pair line, you can listen in even when the phone is on the hook....
Re:My God, It's a global conspiracy! (Score:2)
PGP (Score:1)
NSA isn't the bad part (Score:1)
but think about this - you can remove it.
so basically a new key can be loaded into your computer to allow non-authorized CryptAPI calls to be made.
Does anyone else find this very disturbing?
I don't know if I'm catching the doc right or not, but couldn't a trojan program be loaded overwriting the NSAKEY variable to a new key, which could then authenticate a certificate for some no-name site that could then, when you visit it, install apps on your computer at its choosing?
again - too busy to go into the details of the doc - so I apologize if I'm completely mistaken.
well back to work now
Why the NSA would do such a thing? (Score:1)
Re:Running screaming to Linux? (Score:1)
What I plan on doing is redesigning my system layout so that it is a dual-boot Linux/Win98 system, with nothing important under Win98 because it will be there solely for the purpose of playing games (which is about all it's good for it seems), and all of my personal information, and written materials safely over on the linux side (and now it seems, probably encrypted as well). I don't have anything to hide from anyone in particular, but I sure dislike the idea of a foreign government agency (I am Canadian) being able to pry through my information, without my permission and in complete violation of the law.
Mind you the US is heading towards becoming a World Empire anyways - First Echelon, now this bs.
Linux Here I come, full steam!
The downloadable "fix" (Score:1)
Re:Is it possible this is a decoy? (Score:1)
I guess it's a battle of the lesser of two evils, broken implementation vs. strong implementation written by the organization that everyone seems to love to hate
No. (Score:1)
No laws apply to the NSA. Seriously, I'm not making this up. They cannot even be compelled by Congress to officially admit they exist. They are simply, by charter, not under the authority of anyone (as far as we know, of course. And "Charter" is kind of a vague word here too-- no one outside the agency is really sure what their charter is, as the only document that could be called their "charter" has never been released to anyone, either). And SIGINT is their business, wherever the SIG's may come from, or go to. For the most part, they've tended to view their mission as foreign intelligence, but they've certainly not been above domestic snooping when they feel it's in their interests. Not to mention their collection of domestic data for foreign countries and turning it over unexamined (UK/USA). Big Brother is most definitely watching.
Re:We all knew MS was looking in on us...:) (Score:1)
It's not all that hard to envision somebody from NSA being introduced to somebody from M$, and after a drink or two, discussion rolls around to those twin hobbyhorses, Terrorism and Narcotraffic. "Hey, you could really help your country out here by just putting in this little bitty ol' hack..."
If you really like conspiracy theories, here's the quid pro quo: "We can talk to some people (read: harass or coerce some people) at DOJ to cut you guys some slack on the antitrust thing -- you know, slap-on-the-wrist, admonish you to play fair, just enough to satisfy the media that Justice Was Served [Commenter's note: I mistyped "Serviced" at first], and you guys can get back to business as usual."
Get the word out NOW! (Score:1)
Re:That's just being lazy (Score:1)
Ok, so you personally have looked at every line of code that Linux runs, and have personally verified every single bit of it? If so, I congratulate you
In fact, the particular case that I was mentioning was if I had a piece of code (Lets say majordomo), and I just wanted to add one neat bit of functionality into it. I'm going to search through the code skimming it to find what looks like the area my code should fall, and insert it there. I'm not going to take the time to fully figure out what all of the program does, just to follow the flow enough to get where I am wanting to be, and I think that most other programmers I know work the same . . .
This is horrible! (Score:2)
This is a horribly wicked infringement on our Privacy and on the Privacy of others.. this had better reach the ears of the populace. For once a wide-spread scare such as the one that this might incur could actually produce "helpful" legislation, instead of the backwards kind that always seems to arise from terrible events but actually ends up doing no good... from this we may actually be able to get some good done.
Sure, I am now secure in my Privacy, I am behind a firewall, I'm starting to use SSH, I really only use Linux as my main OS (though I do use Solaris and plan on trying out FreeBSD). However, we mustn't forget our "friends" that use WinX or those we work with.
Re:One more nail in the coffin... (Score:2)
Re:Is it possible this is a decoy? (Score:2)
Basically being open source doesn't prevent something from being back doored, but it does make it harder. Not to mention the ComBot example isn't the greatest, it could have been hidden better.
Re:Encryption is needed now! (Score:2)
I remember that anonymous site getting raided because Scientologists were unhappy about a very vocal critic used that site to post very unflattering things about them. It was an army of lawyers from hell that ended what many thought was a great service. The computer was taken and the logs were no longer secret...
*What* DES back door? (Score:2)
I don't believe any of your three possibilities. I think it's exactly what it seems, and that the NSA like to have their lives made easier.
--
Re:Computer "BUG" (NSA listens in) (Score:2)
And they could remotely install a plug-in to get your keyboard to capture your fingerprints in case you download any kiddie porn, and turn your monitor into an x-ray machine so they can take pictures of your brain while you play quake to tell if you are a potential school-shooter.
Geez, too bad the NSA doesn't have anything better to do than spy on average computer hackers. Guess they got tired of intercepting everyone's email and following foreign nationals around watching for them to rent u-hauls and buy fertilizer.
Re:NSA Security (Score:2)
Re:Computer "BUG" (NSA listens in) (Score:2)
Microsoft admitted working with NSA! (Score:3)
This CNN Story [cnn.com] last year talked about the pressure tactics the NSA uses.
In the article, Ira Rubenstein, Microsoft attorney and top lieutenant to Bill Gates, says:
"Any time that you're developing a new product, you will be working closely with the NSA," he noted.
You Linux guys ought to remember the K&R backdoor. (Score:2)
A couple of years ago, Ritchie revealed that he had put a back door into the original UNIX login program that no one ever caught: He added code to the C compiler so that if the compiler was compiling login.c, it would inject the back door function. He then added code to the compiler so that if it was compiling *itself* it would inject the code to create the login back door.
He then deleted the code from the C compiler source. You could examine the source all you wanted - but when you recompiled the compiler, it inserted the backdoor creation code into the new compiler - and when you compiled login.c, it would add the back door to the login executable.
He claimed the trap door existed for years on many ports of UNIX. Any port of UNIX that was built using a cross-compiled version of the original C compiler had it.
It would be straightforward to replicate this process in GCC. It would spread much more slowly (unless you managed to get your binaries picked up by a major mirror) but it would be nearly undetectable.
--
How about IE5 (Score:2)
Re:Encryption is needed now! (Score:2)
We need to insure that total anonymity on the net is available forever. Cryptography will make that possible.
and it will help people shut out spam
Getting rid of spam won't be that easy. We don't have anonymity in the world of telephones, and we still get telemarketing calls. We don't have anonymity in the postal system and we still get bombarded with junk mail.
and get rid of the creepy nature of the 'net as it now stands
Creepy? Err... what 'net are you on?
It will also make people accountable for what they say in public online, just as we're accountable for what we say in public in the real world.
I read that as 'it will have the same chilling effect on free speech that we see in the real world'. Just as it is possible to circumvent public accountability in the real world, it will continue to happen online.
These are good things.
These are at best pipe dreams. At worst, they will lead to big-brotherism.
Maybe what we need to do is allow people like you that are afraid of somehow, possibly, being offended by something to just filter out anything that is anonymous. But why prevent the rest of us who think that a few Anonymous Cowards out there might occasionally have something worthwhile to say from listening if we want?
Re:Computer "BUG" (NSA listens in) (Score:2)
Erm... *about* No Such Agency (was Re:Duh!) (Score:2)
Do you really think the NSA has the type of budget problems...
As Ricky Ricardo used to say, "Loooosseeee, lemme 'splain you something." The NSA ain't got no budget. Not in the traditional sense of the term, anyway. They're not required to submit one to Congress for approval. They just get what they ask for, and the dollar figure is classified. As are basically all of their activities. And what's more, unlike the CIA, they have *no* legal restrictions against *domestic* intelligence activities -- seems that during those pesky Church Committee hearings on the CIA's antics, everybody conveniently forgot to ask where the ELINT came from.
Having typed all this, I look forward to that funny click on the line when I pick up my phone tonight. Or maybe my head will just disappear in a pink cloud as I'm driving to work on Monday morning...
Re:Security hole? Really?? (Score:2)
To sign a document:
1. Calculate a hash of the document (MD5 is the common method).
2. Encrypt the hash with your private key.
When the user wants to verify that it came from you, they:
1. Calculate the hash of the document.
2. Decrypt the provided hash with the public key and check if they match.
So, at this point you know:
1. That the document was not modified since it was signed.
2. That the document came from the source that it was intended to come from.
The reason Microsoft is signing the security modules is to prevent someone from substituting the DLL and then compromising your security. (Since you can't sign without the private key).
Now, if this second key (and the third one for that matter), belong to another party, it means that your computers will accept security modules signed by them to run. However, only entities with the matching private key can release the modules.
This validation mechanism only affects the loading of the security module, not the actual secured data. The author of the security modules does not implicitly have access to the encrypted data without the private keys used to encode them. It would have to get your private keys, and then store them somewhere or send them somewhere in order to be able to read your data.
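The sign/verify steps listed in the comment above, extended to a loader that trusts two embedded public keys, as an added example that is not part of the thread and is not Microsoft's code. It uses textbook RSA over fixed small primes and SHA-256 rather than MD5; the key labels, function names and module bytes are constructed for illustration.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys


def make_key(p: int, q: int):
    """Build a toy RSA key pair from two known primes (far too small for real use)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent, needs Python 3.8+
    return {"n": n, "e": E}, {"n": n, "d": d}


def digest(module: bytes, n: int) -> int:
    """Step 1 of signing and of verifying: hash the module (reduced mod n)."""
    return int.from_bytes(hashlib.sha256(module).digest(), "big") % n


def sign(module: bytes, priv) -> int:
    """Step 2 of signing: transform the hash with the private key."""
    return pow(digest(module, priv["n"]), priv["d"], priv["n"])


def verify(module: bytes, sig: int, pub) -> bool:
    """Step 2 of verifying: recover the hash with the public key and compare."""
    return pow(sig, pub["e"], pub["n"]) == digest(module, pub["n"])


def load_module(module: bytes, sig: int, trusted):
    """Return the label of the first embedded key that verifies sig, else None.

    The loader cannot tell key holders apart: whoever owns the private half
    of ANY embedded key can release a module that loads.
    """
    for label, pub in trusted:
        if verify(module, sig, pub):
            return label
    return None


def keyset_fingerprint(trusted) -> str:
    """Hash of the embedded key list, for comparison against a known-good value."""
    h = hashlib.sha256()
    for label, pub in trusted:
        h.update(f"{label}:{pub['n']:x}:{pub['e']:x};".encode())
    return h.hexdigest()


# Constructed toy keys built from Mersenne primes; labels are hypothetical.
PRIMARY_PUB, PRIMARY_PRIV = make_key(2**89 - 1, 2**107 - 1)
SECOND_PUB, SECOND_PRIV = make_key(2**61 - 1, 2**127 - 1)
OUTSIDER_PUB, OUTSIDER_PRIV = make_key(2**61 - 1, 2**89 - 1)

TRUSTED = [("primary", PRIMARY_PUB), ("second", SECOND_PUB)]
PINNED = keyset_fingerprint(TRUSTED)  # recorded from a known-good install


def keyset_matches_pin(trusted) -> bool:
    """Integrity check: has any embedded verification key been changed?"""
    return keyset_fingerprint(trusted) == PINNED


if __name__ == "__main__":
    module = b"constructed CSP module bytes"
    for name, priv in [("primary", PRIMARY_PRIV), ("second", SECOND_PRIV),
                       ("outsider", OUTSIDER_PRIV)]:
        print(name, "->", load_module(module, sign(module, priv), TRUSTED))
    swapped = [("primary", PRIMARY_PUB), ("second", OUTSIDER_PUB)]
    print("key list intact:", keyset_matches_pin(TRUSTED),
          "| after a key swap:", keyset_matches_pin(swapped))
```

As the comment says, a passing signature only gates loading; it says nothing about what the loaded module then does with key material.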
$NAZI =~ fascist (Score:2)
the Nazi party was "National Socialist" how could they be "right wingers"?
Technically, they were [are] fascist, regardless of what they called themselves.
Honestly, totalitarianism or statism is totalitarianism or statism, regardless of which side of the aisle you choose to stick it on.
Whether it's conservatism or liberalism that you take too far, you invariably end up at the same place. The political spectrum is circular.
Berlin-- http://www.berlin-consortium.org [berlin-consortium.org]
Re:Encryption is needed now! (Score:2)
However, as I was saying, what all this really means is that the original poster is off base in thinking that anonymity on the Net is so much worse than what happens in real life.
Re:Is it possible this is a decoy? (Score:2)
Now granted, the person who is doing the hiding has to be MUCH trickier about doing it
"What the @#$% do those 3 lines of code do? Hrmmm, oh well, doesn't look like the section I was trying to find anyway . .
Because they are very obscure lines of code, that don't seem to be what you are looking for, so you don't take the time to 'play computer' and try to figure out what they are
Well, this is another argument for getting source. (Score:4)
Verification? was Re:the begining (Score:3)
At least, it DOES appear that there is more than one key available in the crypto packages. Whose keys? This should be the rallying call, and since we don't have the code, we can't tell.
This is a VERY good reason to be suspicious of Microsoft products.
How many people actually USE the cryptoAPI? It seems to me that unless you're using this stuff, all of this has no effect.
Andrew
----
Re:You know, many of us like to bash M$ (Score:2)
I'm personally certain it's legit. (Score:3)
(2) the _NSAKEY certainly refers to *a* public key. It's a stretch of unusually high entropy data, which nearly always means cryptographic data: even compressed stuff doesn't look like that. Furthermore, it's being fed to BSafe's public key routines: look at the CCC's debugger output.
(3) Micros~1 wouldn't fuck around with that sort of thing. I don't think anyone's going to label a public key "NSAKEY" as a joke.
(3) But the NSA are very likely indeed to put pressure on them to introduce this sort of "feature" - it's quite a common occurrence for a guy with a sharp suit to turn up at the offices of commercial crypto implementors and discuss, let's say, how best to speed the export process. In the case of Lotus Notes, they did it entirely above ground, although the Swedish Government didn't read the small print when they banked their information system on Notes and they were quite annoyed to discover that the NSA had a way in.
Put aside your speculation: this is the real thing. The NSA hold the private key that allows their software to do pretty much whatever they want to the CryptoAPI system, if you'll consent to run any code they've had their hands near. And we all know how tricky that is.
Personally, I'm ecstatic: the unearthing of this information is a huge boon both to the Open Source and crypto-security communities.
--
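The "unusually high entropy" observation in the comment above, and the stored-key search mentioned earlier in the thread, can be illustrated with a sliding-window entropy scan over a binary image. This is an added example, not the implementation linked from the thread; the window size, threshold and sample image are assumptions constructed here.

```python
import hashlib
import math
from collections import Counter

WINDOW = 64      # bytes per window; the entropy ceiling is log2(64) = 6 bits/byte
STEP = 16        # window stride
THRESHOLD = 5.3  # bits/byte; assumed cut-off, tuned for this window size


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of the byte-value distribution, in bits per byte."""
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())


def find_high_entropy_regions(image: bytes):
    """Return merged (start, end) byte ranges whose windows reach THRESHOLD."""
    regions = []
    for off in range(0, len(image) - WINDOW + 1, STEP):
        if shannon_entropy(image[off:off + WINDOW]) < THRESHOLD:
            continue
        if regions and off <= regions[-1][1]:
            # Overlaps or touches the previous hit: extend that run.
            regions[-1] = (regions[-1][0], off + WINDOW)
        else:
            regions.append((off, off + WINDOW))
    return regions


# --- Constructed sample input (not taken from any real binary) ---
# x86-like prologue/epilogue bytes and an ASCII error string: low-entropy filler.
CODE = bytes.fromhex("558bec83ec105356578b45085f5e5bc9c3909090")
TEXT = b"CryptAcquireContext failed\x00"
UNIT = CODE * 8 + TEXT * 4


def filler(n: int) -> bytes:
    """n bytes of repetitive code-and-string filler."""
    return (UNIT * (n // len(UNIT) + 1))[:n]


# Stand-in for an embedded public key: 160 pseudo-random bytes from SHA-256.
KEY_BLOB = b"".join(
    hashlib.sha256(b"constructed-key-%d" % i).digest() for i in range(5)
)
KEY_OFF = 1000
IMAGE = filler(KEY_OFF) + KEY_BLOB + filler(1000)

if __name__ == "__main__":
    for start, end in find_high_entropy_regions(IMAGE):
        print(f"candidate key material at 0x{start:x}-0x{end:x}")
```

Compressed or encrypted resources trip the same threshold, so a hit is a candidate to inspect, not proof of a key.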
A "sodroller"? (Score:2)
Berlin-- http://www.berlin-consortium.org [berlin-consortium.org]
Enlightening NTBUGTRAQ Listserv posting [Long] (Score:2)
-----Original Message-----
From: Russ [mailto:Russ.Cooper@RC.ON.CA]
Sent: Friday, September 03, 1999 2:58 PM
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: Alert: CryptoAPI and _NSAKey issue
-----BEGIN PGP SIGNED MESSAGE-----
This is also available at http://ntbugtraq.ntadvice.com/_nsakey.asp
Whoa horsie...
I had a long chat with Andrew Fernandes this morning, as well as
another chat with others, and of course I've had a ton of messages
sent my way with various links to various stories about the issue.
I wanted to get a few things straight before I sent this message, but
given how quickly things are spreading it makes sense to send something
interim.
Ok, so here's what I can tell you.
1. Andrew's speculation about the _NSAKEY being a backdoor for the NSA
is based on;
a) The variable is called "NSA".
b) It's a second key, not known to exist in Windows previously.
c) What possible purpose would a second key serve?
d) Its presence, arguably, weakens CryptoAPI (Andrew explains this on
his website at ,
I'll elaborate more later.
2. Sources close to Microsoft say that the key is a "Backup" key. It
is owned by Microsoft, and only Microsoft have the private key to it.
The key was named "_NSAKEY" because the NSA insisted that Microsoft
include a backup key in their CryptoAPI before the Commerce Department
would approve its inclusion in NT 4.0.
Editorial
- ---------
There's a bunch of somewhat understandable furor going on over the
idea that the NSA might have a backdoor to Windows. Unfortunately,
however, all of this is based on a variable name. Anyone who programs
knows that variables might get named anything for a variety of
reasons. One would expect that they would be named descriptively, but
alas, not everyone follows such stringent conventions (can you spell
"Easter Egg"?).
The Conspiracy Theorist's theory goes;
- -------------------------------------
- - The NSA has a signing key on your box.
- - The NSA can implant a Trojan to replace the module which performs
encryption on your box with one that doesn't perform encryption, and
because the failure of signature verification against Microsoft's key
is silent, they can get their trojan'd app up and running without you
being any the wiser.
- - The NSA can then sniff your traffic, now being conducted in
plain-text.
There's obviously a ton of variations possible on this theory, they
take your private key, they replace your key with another, etc...
They only have to get a Trojan to you and get you to run it, and as
those same Conspiracy Theorists always say, there's
likely bugs in the OS designed to allow them to do
this...
Yeah, could be true.
My take from Microsoft's Perspective;
------------------------------------
- We want to have one build of our products that simultaneously
supports weak or strong encryption functionality.
- We want to be able to ship this one product world-wide, changing as
few bits as possible for those that are being shipped outside the U.S.
and Canada.
- We'll build an API (good, bad, or otherwise) that allows the
controlled bits to be inserted into an infrastructure, then get the
infrastructure approved, and all will be good.
- Commerce (with advice from lots of people including the NSA),
agrees, and tells Microsoft they have to sign everything that can use
the infrastructure. That way, Microsoft can ship its product anywhere,
and Commerce will know that only those products that have been signed
by Microsoft will be able to run on the OS.
- You want to build a Cryptographic Service Provider (CSP), the module
that performs the encryption, you gotta get Microsoft to sign it for
it to run. Microsoft doesn't sign anything that doesn't have the
appropriate Commerce Department Export approvals first.
Wonderful, life's good, Microsoft doesn't have to manage multiple
versions based on Crypto-strength, folks can implement whatever crypto
they want (assuming it's Commerce approved).
Oh, the second key, I almost forgot;
-----------------------------------
I'm told the NSA insisted there had to be a backup. No explanation as
to why yet, that's what I've been told. One theory that made a lot of
sense to me was the simple idea of;
What happens if Microsoft's key is ever compromised? Well, they'd
simply revoke it, right? Yeah, but the problem is that you'd have no
way of telling a Microsoft system that there's a new key. You'd have
to rely on the old one to tell it about the new one. But if there's a
backup key, and they're kept separate, you could use the Backup to
verify the new key to replace the primary.
That's only meaningful to Microsoft since there's no revocation lookup
being done on the primary anyway. Microsoft would have a way to
salvage its name by using a new key. In practice, this would be near
impossible to deploy, but hey, at least there's a way to do it
securely.
BUT!!!
------
Andrew's discovery goes beyond this NSA stuff. There's a real issue
here. Andrew has found that by replacing the _NSAKEY with one of your
own, you are able to add a CSP to the system signed only by you. This
by-passes Microsoft's signing controls (the ones Commerce needed to be
in place to allow Microsoft to ship its products world-wide).
As Andrew says, "Export control is effectively dead for Windows."
More importantly, it means you can add a CSP that does whatever you
want it to do, and then modify existing Windows
CryptoAPI such that they are signed by you instead of Microsoft. This
will cause them to fail the Microsoft signature verification, but
they'll pass verification against your own signature. Windows will
silently let them run and do whatever it is you want them to with the
CryptoAPI environment.
In theory, you create your own CSP to replace Microsoft's supplied CSP
(implementing whatever you wanted in it, say boosting 40-bit to
128-bit), modify the second key to one of your own, install your CSP
over Microsoft's, and fire up any application that uses CryptoAPI. The
signature will fail Microsoft's verification, pass yours, and
everything should work as if you had a U.S./Canadian version.
Fortify for Windows NT (I'd sure love to see
that implemented, anyone up for the challenge?)
It also means the encryption you use on your system could be
compromised in the same fashion, assuming it relies on CryptoAPI
(hasn't this been called for by the U.S. President's commission?)
Andrew's demonstration program effectively proves most of this;
http://www.cryptonym.com/hottopics/msft-nsa/Rep
On the other hand;
-----------------
If there were only one key present in the system, Andrew acknowledges,
then this wouldn't be possible. However, it would still be possible to
subvert the export controls by trojanning all of the necessary
used with CryptoAPI with ones signed by your key, and then replacing
the Microsoft key with your own. It's a lot more work, but it would
still achieve the same results.
Nobody is suggesting that any of this is a Remote Exploit, or
something you have to worry about receiving in Email. Sure, Andrew's
program demonstrates that a running application can subvert the second
key and implement its own CSP...in memory...which is possible but
unreliable.
Bottom-line:
------------
I think the NSA thing is being over-hyped. Sure, it's possible, and we
need Microsoft to make their official statement about it to have it on
the record. Once they do, if anyone can prove it's not their key I will
happily help them. I doubt anyone will...although I also doubt that
people will readily accept that it is a second Microsoft key (who
killed JFK?)...maybe Microsoft can sign something with the second key
so we could verify it somehow??
Meanwhile, the risk of your system's cryptographic methods being
exploited is limited while folks figure out how it could be done
effectively. I'm looking at how you could audit access or
manipulation, but what's really needed is a TripWire-like
functionality (http://www.tripwiresecurity.com/). Alternatively,
Microsoft should build in some additional mechanism to verify that
something that should be Microsoft signed, really is Microsoft signed,
and not a blind failover to the second key.
As to the issues of a third key in W2K, I have no information
regarding this beyond what Andrew has said.
More as information becomes available.
Cheers,
Russ - NTBugtraq Editor
---------
Titanic Wrecking Crew
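The check the quoted NTBugtraq post asks for (knowing which key validated a module instead of a "blind failover to the second key", plus a Tripwire-style baseline of the second key), as an added example that is not part of the post and not Microsoft's code. It uses toy RSA with constructed keys as a stand-in for the real signature format; every name, key and module below is hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by every toy key below


def make_key(p, q):
    """Toy RSA key from two known primes (constructed; far too weak for real use)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(key, data):
    return pow(_digest(data, key["n"]), key["d"], key["n"])


def verify(n, data, sig):
    return pow(sig, E, n) == _digest(data, n)


def fingerprint(n):
    """Hash of a public key, recorded at install time as the baseline."""
    return hashlib.sha256(str(n).encode()).hexdigest()


def loader_accepts(data, sig, primary_n, second_n):
    """Behaviour described in the post: a failure against the primary key
    falls through silently to the second key."""
    return verify(primary_n, data, sig) or verify(second_n, data, sig)


def audit(modules, primary_n, second_n, baseline_second_fp, must_be_primary):
    """Report which key validated each module and flag what the loader hides."""
    findings = {}
    if fingerprint(second_n) != baseline_second_fp:
        findings["<second key slot>"] = "CHANGED since baseline"
    for name, (data, sig) in modules.items():
        if verify(primary_n, data, sig):
            status = "primary"
        elif verify(second_n, data, sig):
            status = "second-key-only"
        else:
            status = "rejected"
        if status != "primary" and name in must_be_primary:
            status += " (ALERT: expected primary signature)"
        findings[name] = status
    return findings


# Constructed keys built from Mersenne primes so the example needs no key files.
VENDOR = make_key(2**61 - 1, 2**89 - 1)      # stands in for the primary key
BACKUP = make_key(2**107 - 1, 2**127 - 1)    # second key as originally shipped
FOREIGN = make_key(2**521 - 1, 2**607 - 1)   # key found in the second slot later


def demo():
    baseline = fingerprint(BACKUP["n"])       # recorded when the system was clean
    good, swapped = b"vendor csp image", b"replacement csp image"
    modules = {                               # constructed sample modules
        "csp_a.bin": (swapped, sign(FOREIGN, swapped)),
        "csp_b.bin": (good, sign(VENDOR, good)),
        "csp_c.bin": (b"tampered image", sign(VENDOR, good)),
    }
    second_n = FOREIGN["n"]                   # second slot on the audited machine
    accepted = {name: loader_accepts(d, s, VENDOR["n"], second_n)
                for name, (d, s) in modules.items()}
    report = audit(modules, VENDOR["n"], second_n, baseline,
                   must_be_primary={"csp_a.bin", "csp_b.bin"})
    return accepted, report


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The loader view treats `csp_a.bin` and `csp_b.bin` identically; only the audit shows that one of them validated against a key that differs from the recorded baseline.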
Wrong question... (Score:2)
The question is, "Does the NSA care that it's illegal?" The answer is, undoubtedly, no.
It's hard-coded, not simply pre-installed... (Score:2)
Why is NSA public key pre-installed on the Operating System?
I was wondering that too, except the key is not pre-installed, it is hard-coded.
Berlin-- http://www.berlin-consortium.org [berlin-consortium.org]
Re:Wait just a second... (Score:2)
I suspect we'll have massive lawsuits filed within days, and a resulting court order to open the relevant parts of the code.
If the Administration opposes the suit, or if Microsoft loses some more source code, that will tell us all we needed to know anyway, won't it?
Meanwhile, it's fun hitting the news sites every few minutes to see the pecking order of how the story propagates.
Re:Well, this is another argument for getting sour (Score:2)
That's funny, I found it quite comforting.
Oh, wait, maybe you are on the wrong side of the corrupt, effectively totalitarian, world repressing regime...
-
enh... I think not (Score:2)
Has anyone considered the possibility that Microsoft deliberately left the symbol in, to reveal NSA's presence without risking liability? Or is it just easier for you to blindly attack Microsoft given the slightest excuse?
Replace Microsoft in that sentence with any other major corporation -- Occam's Razor still applies. I could possibly buy that this was deliberate on the part of an individual employee, but I find it highly improbable that the management of ANY large company would make that sort of decision.
Berlin-- http://www.berlin-consortium.org [berlin-consortium.org]
Re:Stop being so paranoid!!!!!!!!!!!!!!!!!!!!!!! (Score:2)
What about personal privacy? What about business secrets?
If this is allowed, why don't we just install video-cameras in all houses to make damn sure no one is breaking any laws there, heck why don't we put people in jail to make SURE they don't commit any crimes.
*I know I shouldn't bite on troll posts, I just can't help myself.*
//Somewhat anonymous coward.
Come on kiddies....the NSA is MUCH smarter than... (Score:2)
Another interpretation (Score:2)
Since Windows is a U.S. product, it is subject to U.S. export regulations on strong encryption. This gaffe in security may be an oversight, or it may be a way of enabling strong security usage, without torquing-off the D.O.J. any further than it already is.
Though, I don't see why M.S. would not just provide 'replaceable' security.
Then again, given M.S. 'reputation' with security, it is unlikely that they would actually do something benevolent in the area. Still, something to think about... M.S. ServPack5 now allows foreign companies (in fact all users) to keep the NSA from peeking in their drawers.
But it's NOT a backdoor! (Score:3)
Even if this is the NSA's key, so what? All it means is that they're hypocrites with regard to US security laws. The key only lets you install new security services inside Microsoft's crypto framework. That's it. It doesn't give you access to any information encrypted by other providers. The only reason there's a lock on this install capability is to allow Microsoft to meet US export standards on encryption (they can't make it too easy to add strong crypto). If this really is an NSA key, then the NSA just wanted it to be easy for them to install strong crypto.
In other words, so what? This doesn't let the NSA, Microsoft, or anyone else snoop on my encrypted data. And I already knew the government had a ridiculous security policy. BFD.
Comedy of errors (Score:4)
No one figured out that backdoor until Microsoft forgot to remove the explicit name NSA_Key in NT 4 SP 5? What kind of joke is this? Or is it a programmer at Microsoft that's covertly working for the Open Source movement? :)
I also find it pretty pathetic that the NSA would need to contact Microsoft and implement a backdoor to access NT. I sure know most crackers I know don't need a friggin' insider at MS to crack NT until it weeps.
So I see three possibilities about this:
It's a hoax of some sort, or a private joke by the NT programmers. It sure is working.
It's a decoy. The NSA has a backdoor somewhere else, much less obvious, and this is meant to make us believe the NSA backdoor has been found. I mean, the alleged backdoor in DES is much more complex and subtle than multiplying by a fixed key when encrypting.
It's true, and the NSA are truly pathetic, and their cryptanalysis talents are severely, severely overrated.
I find the third option to be the most amusing. :)
"There is no surer way to ruin a good discussion than to contaminate it with the facts."
And who is surprised? (Score:2)
Wait just a second... (Score:5)
Encryption is needed now! (Score:2)
If we don't protect ourselves from crackers and rogue governments, hell is going to walk on this planet soon. I predict it happening soon with the current lax security (or complete lack of!)
Damn the NSA. Send it to hell.
Re:Is it possible this is a decoy? (Score:2)
> happen in Open Source software like Linux. Just
> because it is open source doesn't mean that
> something can't be hidden within it.
I agree that it could, but I think it is much less likely. While everyone might not take the time to look at those three lines of code, we don't need everyone to. All we really need is one person to notice and point it out to people.
(this happened recently if I recall, a popular mirror was cracked and code trojaned, but it only took a short while to get things sorted out)
There is also a difference in trust that exists today, though it might not be that way forever. Because of the nature of the people doing the open source work, I have much greater trust in say linus, alan, etc doing what's best for me, than I do in MS or the US gov.
Re:Encryption is needed now! (Score:2)
In many ways, the 'net is a far less anonymous place than the 'real world'.
In the real world I can still send a letter w/o a return address (or even with a bogus return address). If I am careful to avoid leaving fingerprints on it, it is difficult for the recipient to tell much more than what zip code it was mailed from. It would be virtually impossible for someone (or even a gov't agency) to watch every person depositing mail into every public mail receptacle all the time.
In the real world I can still make a call from a public pay phone using coins and/or a calling card (if necessary) that I can purchase with cash at a place like Wal-Mart. If I am careful not to leave fingerprints on the phone, and I do something like record a message in someone else's voice or with a voice synthesizer, it is virtually impossible to tell who made the call.
The preceding examples haven't caused the real world to come to an end, so I see little reason why what little anonymity we have on the 'net is a bad thing.
Re:Wait just a second... (Score:2)
As expected, msnbc denies [msnbc.com] the association with the NSA. Looks like this article was carefully prepared by the PR chefs to me.
I don't think it's for spying on people (Score:5)
Security hole? Really?? (Score:4)
As far as I can tell, a competitor to Microsoft discovered the following:
* There is not one, but two keys that are used for the verification of CSP modules;
* This key is called 'NSAKEY' in the debug info for some NT4/SP5 executables.
The best you can say is that "this raises questions". It could be a "back door", but certainly no "security hole": the ability to install CSPs on a system doesn't give you a whole lot except the ability to PROVIDE AN ALTERNATIVE METHOD to encrypt/decrypt data. In other words: no existing encrypted data is compromised, and an application has to specify it WANTS to use the new CSP.
Of course it's more fun to start paranoid rants against "M$" right away, but even for the most fanatic Microsoft-sceptic, it should be clear that:
1. The information is provided by a Microsoft competitor, and very sketchy at that;
2. It doesn't conclusively PROVE anything: just hints at certain vulnerabilities;
3. If the 'back door' indeed exists, its exploit potential is minimal.
Whatever.
Re:Is it possible this is a decoy? (Score:2)
Alleged DES Backdoor by NSA (Score:2)
In addition to being accused of reducing the key length, NSA was also accused of modifying the contents of the S-boxes. When pressed for design justification for the S-boxes, the NSA indicated that elements of the algorithm's design were "sensitive" and would not be made public. Many cryptographers were concerned that the NSA-designed S-boxes hid a trapdoor, making it possible for them to easily cryptanalyze the algorithm.
Since then, considerable effort has gone into analyzing the design and operation of the S-boxes. In the mid-1970s, Lexar Corporation and Bell Laboratories examined the operation of the S-boxes. Neither analysis revealed any weaknesses, although both found inexplicable features. The S-boxes had more features in common with a linear transformation than one would expect if they were chosen at random. The Bell Laboratories team stated that the S-boxes may have hidden trapdoors, and the Lexar report concluded with:
On the other hand, this report also warned:
[...]Various oddities about the S-boxes appeared in the literature. The last three output bits of the fourth S-box can be derived in the same way as the first by complementing some of the input bits. Two different, but carefully chosen, inputs to S-boxes can produce the same output. It is possible to obtain the same output of a single DES round by changing bits in only three neighboring S-boxes. Shamir noticed that the S-box entries appeared to be somewhat imbalanced, but wasn't about to turn that imbalance into an attack. [He mentioned a feature of the fifth S-box, but it took another eight years before linear cryptanalysis exploited that feature.] Other researchers showed that publicly known design principles could be used to generate S-boxes with the observed characteristics.
"There is no surer way to ruin a good discussion than to contaminate it with the facts."
Re:Security hole? Really?? (Score:2)
NSA writes a new DES provider that in addition to performing DES, also emails them all keys used (or something more subtle, but you get the idea). Now sign it with NSA private key, and overwrite the old dll with the compromised one. The previous one was signed by MS, this one by NSA, but both have valid signatures. When an application asks for DES encryption, the compromised one is successfully loaded.
What am I missing?
Duh! (Score:2)
-E
CryptoAPI docs (Score:3)
Not in my edition. (Score:2)
The AES is being selected to replace DES because:
* DES's keyspace is too small
* DES's block size is too small
* DES is too slow, especially in software.
--
Re:Well, this is another argument for getting sour (Score:5)
I returned to the private workforce last year after ten years with a government entity that I cannot list on my resume. I have a cover (State) and some canned recommendations. I learned AIX while I was working for the government, and then discovered Solaris, which I like a lot. This got me a job last year without too many questions.
You have no idea how bad it has gotten. Let me fill you in:
1. Quotas: they are set in (a place in Virginia) and not in the country itself. So, a posting in some countries (Denmark or Finland) where a) no one really likes or dislikes the US - they could care less and have no real interest in providing information and b) there is just not a lot happening (we are not, for instance, likely to be invaded by Belgium any time soon) is the kiss of death to your career because there is no real way to make quota. Unless (and this is key), you fake it. If you have ethics, essentially, fully half of all of the postings by quantity require you to commit treason (by compromising national security by falsifying any and all contacts and records) or treat it as dead time for your future. This is the neat part -- everyone knows the system is horribly broken and every senior person there winks at the violations. Why? They did it themselves. Shades of grinding back at West Point (cheating, for those who didn't attend a service academy, is called grinding, and almost everyone does it).
2. Reviews: this has nothing to do with your actual performance in most cases. The station chief doesn't do them -- your immediate boss does. And, just like high school, there is a pecking order and no real control outside of that. Date a secretary that your boss is interested in, your ass is grass. I didn't, but watched someone get transferred into a career-ending position for that, with the suggestion in his records that he was compromising security by dating nationals. There is no meritocracy there anymore.
3. Disregard for security: this happened all the time. People would take home AND MISPLACE TS and worse. We had a person leave his briefcase in a bar. We are lucky that the bartender found it. It had detailed response plans for repelling any c/b/r attacks from a country that I can't name, but if you saw it on a map, would look an awful lot like Iraq. This was serious. It was ignored. And then there are the drinking and drug problems, mostly drinking.
4. Security: They do not get you a house at the far end of a one way street anymore. You are lucky if they try to keep your cover secret. They won't help you move in, so everyone knows that you are coming in from DC or VA someplace. They won't pay for a damned thing (not salary, which is very low, but things like furnishing a house or flat as if you really were an American marketing exec). And your family is at tremendous risk if you take them, as a result. This was one of the main reasons I left. I spoke Spanish, I was not going to get another European posting, had studied Latin America, and had done briefings on narcoterrorism for a number of people, for a number of years. I looked at the house that they had picked out for me in Bogota -- on a busy street, with a wide alley, with overlooking apartment buildings in line-of-sight, in a neighborhood with access from FIVE directions. They couldn't have done worse if they tried. There was no way in hell that I was taking my pregnant wife there, and she felt the same way. So we both quit.
Bitter? Yes, very. But not at the concept, just the execution. At this point, we need to start over.
Comment removed (Score:3)
Larry Ellison said it best when he said: (Score:2)
I'm with Jimhotep on this one..
If they wanna watch you, they'll watch you. They might be doing it right now. Be afraid - be very afraid.
We (they, they of the NSA) can count your shoelaces and read your newspaper from 100,000 feet up. That's orbital for chrissakes.
Bouncing a laser off of a window, and measuring the reflection allows very impressive eavesdropping.
Your driver's license has your current address on it. Ever wonder why? Did you have your baby foot-printed upon birth?
I've never seen it done, but I'm quite convinced that the pattern on your screen and the state of your CPU can be monitored in real time, from a quarter mile away.
Anyone out there care to comment on S.Q.I.D. technology? My understanding is a bit rusty - and as I understand, that's probably a good thing.
The kicker? There's nothing we can do about any of it.
Doubtful (Score:5)
"What the @#$% do those 3 lines of code do? Hrmmm, oh well, doesn't look like the section I was trying to find anyway . . ."
One thing you're forgetting -- generally when package maintainers (Linus, for instance) are reviewing a patch for inclusion in the distribution, they won't accept it unless they understand all the code involved.
If you tried something clever like spreading the changes across several patches, that wouldn't really work either.
[Judas] Here's my patch to fix the support for the
[Maintainer] Hrm. I'll have a look.
[Maintainer] What's this little bit of code here do? I think you could probably shave a couple hundred instructions off here if you left it out, and it looks completely unnecessary.
[Judas] There's something screwy with the timing; that was the only way I could get it to work
[Maintainer] Hrm. That seems like a kind of awkward hack to me -- I'd like a solution I could understand better. I just replaced this with a delay loop -- I don't have the blah hardware myself though
[Mailing List] Okay... it seems fine. In fact, one of us tried it without the delay loop, and there weren't any problems.
[Maintainer] (to Judas) I applied your patch; it seems to work fine without the bit of code though, so I just left that part out.
[Judas] Curses, foiled again!
As a modest package maintainer myself, I personally read every patch I get. Even if the patch author isn't malicious, the patch could still potentially fail in a catastrophic way due to a stupid logic error or invalid assumptions.
One thing that some people don't seem to understand about Open Source is that just because some Joe Schmoe produces some code doesn't mean that it'll end up in the official distribution.
It might be easy to read the code in the official distribution, and it might be easy to modify the code in your own copy, but it's nontrivial to quietly modify the official distribution. To submit a patch is to submit that patch to a lot of direct public scrutiny.
Berlin-- http://www.berlin-consortium.org [berlin-consortium.org]
questions (Score:2)
they seem to be saying the debugging stuff was left in in the NT service pack and that you could see the names of the variables used.. well hell, there ought to be all KINDS of interesting stuff in there. beyond the NSAKEY thing,seems like it would be fascinating to just thumb through the variable names and see whatall is there. or was it just the security parts and nothing else that had the debugging? is there really a function called CREATE_RANDOM_GENERAL_PROTECTION_FAULT()? (j/k)
has anyone yet gone ahead and run their program to hacksaw out NSA_KEY like they suggest you do? does NT still run? does anything break, suggesting maybe NSA stands for something other than National Security Agency? how do we know that cryptonym's program actually _does_ take out NSAKEY, and not just replace NSAKEY with a key to let cryptonym in your system? How do we know "cryptonym" is not just a front for a shadowy organisation working to create a human-alien hybrid so they can have FEMA infect all human life with a strange black substance spread by bees which causes the carrier to decompose, becoming food for alien life form and setting off the alien colonisation of earth?
but anyway, whatever this NSAkey thing does, i say we immediately get RCA or RZA or distributed.net or whatever going on cracking it.
-mcc-baka
hey.. my mac may crash three times a day, but i have yet to hear about any security holes.