
NSA backdoor creates security hole in Windows 576

A number of people have written in with the news that Cryptonym has found an apparent backdoor for the NSA (called NSAKEY) in all current versions of Windows. However, you can open this backdoor yourself and install your own strong crypto module in place of the built-in one. More details are also online, but to be quite frank, we aren't quite sure on this one, so if you're more qualified to comment, please do so below. Update: 09/03 11:19 by H: Thanks to Jens Hillman for more information from the German Chaos Computer Club. The webpage is in German; Babelfish it.
  • Not quite as bad as that. Check the PGP FAQ which talks about the relative merits of the different algorithms.
  • That is exactly why I don't believe in socialism. For some reason government just can't take issues seriously. While in a capitalistic company, everything that could possibly go wrong is usually taken with the utmost seriousness. (This is one reason I'm not worried about Y2K in America.)
  • I REALLY liked it when Windows decided it wanted to run away with (one, just one) of my CPUs on my nice P2 400x2 machine. I taught it right quick -- kill -9 vmware fixed it right nicely.

  • AC writes:

    I remember him saying before Waco that the four best police agencies in the world were (in order) the FBI, the Texas Rangers, the Texas Department of Public Safety, and the Mexican Federal Judicial Police.

    Every so often someone in the British establishment says 'British [X] is the best in the world'. It's always a sign of a major scandal brewing in [X], whether that's beef, banking or bureaucracy. 'The best in the world' means out-of-touch and complacent, and out-of-touch and complacent is very, very close to corrupt.
  • Thanks for the correction - I had forgotten who had actually written the trojan.

  • First, it isn't FUD, it was done - although (as another person pointed out) it was never released outside AT&T, which contradicts what I had originally read, but I guess Thompson would know better than I what he did with the Trojan.

    Second - That doesn't eliminate my main point: there's no reason why someone with access to one of the main GNU distribution sites couldn't pull the same trick off today, by slipping the trojan into gcc.

  • It was NT 3.51, on very specific hardware (a Compaq something-or-other), and C2 Orange Book only.

    MS has of course used this to imply that NT has been C2 certified -- worded carefully so as not to be an outright lie.
  • I have a feeling this is just the beginning of a lot of government-related spying-on-your-computer stuff. We'll see. Sure, we've heard a lot about it, but is it happening now to a huge extent?
  • *If* this is true (I don't have Windows, so I can't try and check!) then surely it's one more reason for Linux to be trusted over Windows. Or (more accurately) for open source to be trusted over closed source.

  • by Anonymous Coward
    It was easy to discover so maybe it's just a coverup for something larger NSA put in there, which is still active? Good thing this can't happen with Open Source software like Linux!
  • If you can fix it yourself

    Well, that's almost impossible for half of the Windows population.. and hardly possible for people who know what they're doing :)

    How come I'm not surprised when I hear about more and more backdoors in Windows?

  • I've answered a lot of questions from coworkers, friends and acquaintances regarding Linux as an OS. While most of them "get it", they've had no REAL* reason to run screaming from Windows to Linux.

    (* By this I mean some compelling reason for overnight change.)

    Previously, what it would have taken to get these people to switch from Windows to Linux was a more refined Gnome/KDE and a more graphical installer (sorry gui RPM, while powerful, is just too different).

    Now they're scared..

  • So, what was all that commentary about excessive paranoia? It seems pretty clear that those of us who tend to trust in governments' and big business's good intentions should revise our opinions.
  • The fact that some American agency can spy on supposedly "secure" systems in other countries may make their admins think twice about using Windows (or any other closed OS). This is something even the PHBs can't ignore.

    I know if I owned a company, I sure wouldn't want NSA taking my company data to help out some American company. Yeah, sure, they are not supposed to, but what is to stop them.

    So admins in countries other than US: start looking at open *nix systems. You can actually have some security with *BSD and Linux.

    (Heh. Just like America seems to be the last country still holding off on the metric system, it will be the last country still using Windows.)
  • It's really kind of sad. I read the article straight from Slashdot and not even *I* got the feeling that the NSA had anything to do with this, and I'm one of the biggest anti-MS/government types here at the office. Is this company reputable? Aren't they stepping rather lightly on the side of slander/libel (I forget which one applies) on Microsoft? It seems rather irresponsible on their part. Maybe I'm just feeling semi-pro-MS today after reading the Newsweek interview with Bill Gates. At least he's putting his money to good use.
  • If they actually used it to actively spy on people without a warrant then a qualified "yes". Basically it's the same deal as with key escrow, just because they *can* use it to spy does not necessarily mean that they will use it. They are supposed to obtain a warrant before doing that sort of thing.

    The problem that most people have is that some government agencies are a little loose about obtaining warrants, or alternatively the judges may be a little too loose about granting them. The very fact that they could be able to access all your data without your knowledge is what riles most folks.
  • by MacJedi ( 173 )

    No one figured out that backdoor until Microsoft forgot to remove the explicit name NSA_Key in NT SP 5? What kind of joke is this? Or is it a programmer at Microsoft that's covertly working for the Open Source movement? :)

    It could be a joke. It could be nothing at all. But why are there two keys, and why was this kept hidden? Sure, if it is the NSA that has backdoored Windows, that is a Bad Thing(tm). But I don't care if it was a janitor that put it in there: a backdoor is a backdoor is a backdoor.

    Also, I think that this would be exactly the way that the NSA would invade our privacy- through collusion. Why spend the time cracking an OS when you can have Bill and his boys save you the trouble? If you need another example, look at Echelon. Don't spy on your own people, spy on the others and trade the information. Same idea.

    It's a decoy. The NSA has a backdoor somewhere else, much less obvious, and this is meant to make us believe the NSA backdoor has been found.

    This is a real possibility, but I don't think so. Why bother making a decoy if the source is closed? We may have never found it had not someone dropped the ball with SP5. I'm not saying there aren't other backdoors elsewhere; for all I know the entire TCP/IP stack is rigged, but thanks to closed source and unethical collusion it's likely no one will ever know.

  • And not without reason, certainly. OK, here is another problem with a Microsoft product, big shock. Hotmail had a "back door", no kidding.

    BUT, that does not give anyone the right to be pricks.

    Someone I work with was just flamed by another person to whom my co-worker had sent a document in an M$ format. The recipient was a Linux user, and the only geeks my co-worker has encountered were me and the geeks here (i.e. some laid back MFs).

    For many of us there is no alternative, we have to be compatible with other businesses. Yes, there are products that will open Word/Excel documents, but going back again is not always easy. Any of you ever try to open a Claris document in Word 98 on a Mac? It gets all buggered up.

    Spreading the Linux/Unix gospel would be _much_ easier without people being smeg heads about it when someone uses a different platform. You want a Mac? Be my guest. You think Win98/NT is the bees knees? Knock yourself out. You want a powerful, stable

    All we do when we flame people for standing up for M$ or using their products is make the Linux/Unix community look bad, like childish, bad-tempered simpletons. It is counterproductive to flame, mail bomb, or crack someone for using or liking another product.

    Here is a neat idea. Before you write that flame, pretend that person is right in front of you. Or better yet, remember that it makes YOU look bad.

    *rant mode cancel*

    Sorry, I just don't understand why people who would otherwise be perfectly polite and cool suddenly become total a**holes over really stupid smeg.

    blah blah blah, I'll shut up and drink my beer :)

  • I've read that phones can be listened to
    even when on the hook

    but I'm just crazy
  • We have here a widely known security agency, which, I get the strong impression, could pull on the skills of some very competent crackers should it be required to... And a notoriously insecure OS. Why on earth would they need a back door?? If these guys want in, they'll get in, and work out a tool to do it to any machine they care to name... Just doesn't make sense.. I'd assume the key refers to something else with the same acronym. Malk
  • How many people actually USE the cryptoAPI? It seems to me that unless you're using this stuff, all of this has no effect.

    Pretty much everyone and everything under Windows, directly or indirectly ... ActiveX code signing, Outlook, Internet Explorer ... authentication, I think ... you name it.

    Berlin-- []
  • Good you mentioned the FBI. I have a lot of respect for and know a lot of old FBI agents by virtue of my father, who was one himself. The difference between the old guys and the new guys is night and day. Waco would never have happened when the people that Hoover had in were running the place -- they would have grabbed him jogging, and gotten a warrant and served it politely and firmly. Torching women and children was inconceivable. I remember my father's reaction -- he didn't say a word for almost a week.

    I don't care if Hoover did spend his leisure time in a nice Chanel day-to-evening and tasteful-yet-daring Ferragamo pumps -- he got in and kept good people who did real detective work. They went out and they detected. And having known quite a few of them, I have to say that they were remarkably good people, in an absolute sense of good. They didn't lie, cheat, or steal. They were good to dogs and children. They were morally inflexible, but that was understandable. I don't know what happened to those people and people like them.

    Lately, with the latest unpleasant revelations about whatever the Hell happened in Waco, there has been a lot of footage of the Texas Rangers testifying before Congress. They are big, fat, sneaky-looking rednecks. They are probably vicious and quick on the trigger. And damn but they do look like good detectives. Where the attorneys for the FBI keep saying things that don't make sense, the Texas Rangers are direct and clear and so obviously in contempt of the FBI that it is hard for me to watch it.

    My father is not around to see this (pancreatic cancer), but I remember him saying before Waco that the four best police agencies in the world were (in order) the FBI, the Texas Rangers, the Texas Department of Public Safety, and the Mexican Federal Judicial Police. After Waco, he never brought it up again.

    The iron law of bureaucracy is that only first rate people promote first rate people. Second rate people promote third rate people, third rate people promote fourth rate people, and so on. I think that it is time for housecleaning in at least one area (the FBI). Clearly, this can be extended to other places.
  • It's in SP4 too. But in SP4 they removed the debug symbols correctly so that you can't *SEE* it.

    In SP5 they made some mistake, due to which the alleged backdoor can be seen.

    I still don't believe it's really a backdoor though until I see some proof of that, but hey, it's nice pro-Linux press. :-)

  • by Paul Crowley ( 837 ) on Friday September 03, 1999 @01:52AM (#1706952) Homepage Journal
    First, this is being presented at Crypto '99, not Def Con Two. It's peer reviewed, guys, it's pretty much bound to be legit.

    Second, every copy of Lotus Notes carries an explicit NSA backdoor, called the "Cryptographic Differential Work Factor". Essentially the point is that part of every secret key is encrypted with the NSA's public key, so where we would have to brute-force 128 bits to get in, they have to brute force only 40. So there's precedent; it's not as implausible as some people here seem to think. It may not be a back door in the simplistic way some people are thinking of, though.

    The algorithm the guy used to find the key is documented in Adi Shamir and Nicko van Someren's paper "Playing Hide and Seek with Stored Keys" - you can find a link to the paper here [] alongside my implementation of the technique described.

  • Good points but:

    4) The NSA just wants to make it easy for them, and if MS didn't screw up probably no one would know. Who the hell wants to hack into a box when you can have a backdoor? Also there is nothing saying a foreign agency of some sort couldn't make NT less hackable, although IMHO they would be using Unix in the first place, but you never know.

    Of course this assumes the whole thing is really what it looks like.

    who knows these days, eh?
  • if you're trying to avoid windows, don't run vmware...all vmware does is act as a virtual still have to run 'doze on top of it...

    Who am I?
    Why am here?
    Where is the chocolate?

  • Let's see...

    First Microsoft uses questionable business practices to monopolize the market, and the government is a little slow in acting upon that, ensuring Microsoft products like Windows and Office are installed on most of the world's PCs.

    Then we see articles like this: Feds Want Access to Your Machine [] where the Government wants to make it easier to search for passwords and override encryption using 'devices, if necessary'.

    And third, we find that (if this is true) function calls to make access easier may already be installed on Windows computers.
  • It always amuses me when anti-anonymity posts come from ACs...
  • Any part of the government can do
    anything it wants to.

    It's a free country.
  • I hate my apartment. Yeah, it's in a nice neighborhood and all, but it sucks that:

    a) The leasing company owns it, I just pay to use it.

    b) The leasing company has a key which they use to enter my apartment with or without my consent.

    c) They take their sweet time about fixing stuff.

    If someone were giving away free land with housing on it I'd move in a nanosecond because:

    a) I would not have to continually pay the leasing company rent despite shoddy maintenance.

    b) No one else gets a key unless I give it to them. I still can't stop a determined government agency from barging in, but at least they can't just waltz in because the leasing agency doesn't mind handing over my key.

    c) I'll deal with mowing the lawn myself especially if the house is well built and helpful neighbors take care of fixes/improvements in a timely manner--free of charge no less!

    I'm not exactly hopeful that I'll find such a situation, at least not in RL.

  • I agree with the folks who are saying that the link to the National Security Administration is a weak one. NSA could stand for anything. But it is definitely a serious enough matter to warrant further investigation. How can we verify the nature of this key? Are there any MS or NSA contacts out there that know anything? Can we find any case of the NSA key having been used to compromise security? Can we find use of the NSA key anywhere in Windows code? Anyone thought of asking the big-wigs at MS to explain the meaning of the NSA key? Can we get this into the mainstream press, and force a statement from Microsoft?
  • The phrase "If you ain't breakin' the law you ain't got nothin' to worry about" was one used frequently by government snoops during the McCarthy era witch hunts.

    And you will hear Nazis uttering a similar phrase too in old grade B black and white melodramas.

    If you are not doing anything illegal then the government does not even have the right to inquire and we need to make sure it stays that way.

    Yet another reason to abandon Micro$oft. Real operating systems don't need mice.

  • Distance has little to do with it... all your traffic would go through Menwith Hill if you lived in Istanbul, Helsinki or Cairo. They watch all of Europe, North Africa and the Middle East from there.
  • Why don't we stick to Microsoft bashing?

    Oh, and miss the golden opportunity of a story to put X-Files to shame? It's all really obvious to me.

    JFK Jr. knew about it, and tried to counteract the NSA by flying away to Mexico in a plane. Now, the NSA were afraid, so they contacted Naval Intelligence, who downed JFK Jr.'s plane by using the HAARP project and a bit of plutonium from Cassini.

    But fortunately, the aliens infiltrated Microsoft (not that it's hard) and they mind-controlled the programmer to put the REAL key value of NSA_KEY in place! And it's up to the Linux community to save the world and provide strong crypto to dolphins so they don't end up in the FBI's tuna salads.

    It's not because it's false that it ain't fun. :)

    "There is no surer way to ruin a good discussion than to contaminate it with the facts."

  • The German Webpage has the following phrase :

    Die von Microsoft für Programmierer zur Verfügung gestellte Anwendungsschnittstelle für Verschlüsselungsfunktionen, die sog. "Crypto API"

    where the last few words actually mean "the so-called Crypto API" (and are short for "die sogenannter Crypto API"). This is translated by BabelFish as

    The application interface for encoding functions, provided by Microsoft for programmers, which sucked. "Crypto API"

    which is in fact a quite appropriate translation, even if it is right for the wrong reason... ;)

    One assumes "sog" is the past perfect conjugation (sp?) of a verb that actually means "to suck" in a more or less literal sense.
  • I've read that phones can be listened to even when on the hook
    but I'm just crazy

    No, you're not necessarily crazy.
    The way I remember it here in the Netherlands a group of criminal defense lawyers complained about a year ago. In a lot of their cases a phone tap was authorized against (suspected) criminals, after which the police reports mentioned that the phone was accidentally off the hook while criminals were chatting (not on the phone mind you, just in the room) about their endeavours.

    The lawyers thought, 'hey our phones are never off the hook, why are our clients so clumsy!'.

    So some independent institute (not Mindcraft) did some tests and, as it turns out, for a lot of phone networks in the Netherlands, when you put a high frequency directly on the twisted pair line, you can listen in even when the phone is on the hook....

  • You might wanna go back and try that with NSA, CIA, FBI and AT&T also! ;-)
  • by Hellsson ( 85897 )
    Does this NSAKEY thing apply, in any way, to use of PGP from Network Associates?
  • Yeah, it's possible that MAYBE the NSA has this key and blah blah blah.
    But think about this - you can remove it.
    So basically a new key can be loaded into your computer to allow non-authorized CryptAPI calls to be made.
    Does anyone else find this very disturbing?
    I don't know if I'm catching the doc right or not, but couldn't a trojan program be loaded overwriting the NSAKEY variable to a new key, which could then authenticate a certificate for some no-name site that could then, when you visit it, install apps on your computer at its choosing?
    Again - too busy to go into the details of the doc - so I apologize if I'm completely mistaken.
    Well, back to work now.
  • Because of all the lil' script kiddies cracking a bunch of sites... And the fact that a lot of classified information has been obtained through a Windows operating system..
  • What I plan on doing is redesigning my system layout so that it is a dual-boot Linux/Win98 system, with nothing important under Win98 because it will be there solely for the purpose of playing games (which is about all it's good for, it seems), and all of my personal information and written materials safely over on the Linux side (and now it seems, probably encrypted as well). I don't have anything to hide from anyone in particular, but I sure dislike the idea of a foreign government agency (I am Canadian) being able to pry through my information, without my permission and in complete violation of the law.

    Mind you the US is heading towards becoming a World Empire anyways - First Echelon, now this bs.

    Linux Here I come, full steam!

  • by Anonymous Coward
    The organization that found this has provided a fix available for download that removes the NSA key. My question is, whose key did they replace it with, if any? Their own perhaps.
  • According to the PGP manual distributed with the binaries, MD5 is just about completely broken... Meaning that it is possible to generate new text that conforms to the old signature. The alternative is SHA, developed by: the NSA...

    I guess it's a battle of the lesser of two evils, broken implementation vs. strong implementation written by the organization that everyone seems to love to hate.
  • by kuro5hin ( 8501 )
    I thought it was illegal for the NSA to spy domestically? Or is that just the CIA.

    No laws apply to the NSA. Seriously, I'm not making this up. They cannot even be compelled by Congress to officially admit they exist. They are simply, by charter, not under the authority of anyone (as far as we know, of course. And "charter" is kind of a vague word here too -- no one outside the agency is really sure what their charter is, as the only document that could be called their "charter" has never been released to anyone, either). And SIGINT is their business, wherever the SIGs may come from, or go to. For the most part, they've tended to view their mission as foreign intelligence, but they've certainly not been above domestic snooping when they feel it's in their interests. Not to mention their collection of domestic data for foreign countries and turning it over unexamined (UK/USA). Big Brother is most definitely watching.

  • It's not all that hard to envision somebody from NSA being introduced to somebody from M$, and after a drink or two, discussion rolls around to those twin hobbyhorses, Terrorism and Narcotraffic. "Hey, you could really help your country out here by just putting in this little bitty ol' hack..."

    If you really like conspiracy theories, here's the quid pro quo: "We can talk to some people (read: harass or coerce some people) at DOJ to cut you guys some slack on the antitrust thing -- you know, slap-on-the-wrist, admonish you to play fair, just enough to satisfy the media that Justice Was Served [Commenter's note: I mistyped "Serviced" at first], and you guys can get back to business as usual."

  • Don't let this slip by. Tell everyone you know and help them to understand the implications of this. We already have several smaller news organizations trying to get a comment from M$. IF the word gets out and the bigger news organizations start to care we will all benefit.
  • If you don't know and don't care to find out what the three lines mean then why the hell are you even worrying about how secure your OS is?? What are you going to do, trust someone??? Yeah, and like 1000's of other people you get burnt just like them. If I can't see the code, I won't use it on my servers.

    Ok, so you personally have looked at every line of code that Linux runs, and have personally verified every single bit of it? If so, I congratulate you ... However I personally don't know anyone who does this.

    In fact, the particular case that I was mentioning was if I had a piece of code (let's say majordomo), and I just wanted to add one neat bit of functionality into it. I'm going to search through the code skimming it to find what looks like the area my code should fall, and insert it there. I'm not going to take the time to fully figure out what all of the program does, just to follow the flow enough to get where I am wanting to be, and I think that most other programmers I know work the same . . .
  • You people are talking about how this is good for the Open Source community, and aren't even really expressing the extreme sense of betrayal you should be feeling.

    This is a horribly wicked infringement on our Privacy and on the Privacy of others.. this had better reach the ears of the populace. For once a wide-spread scare such as the one that this might incur could actually produce "helpful" legislation, instead of the backwards kind that always seems to arise from terrible events but actually ends up doing no good... from this we may actually be able to get some good done.

    Sure, I am now secure in my Privacy, I am behind a firewall, I'm starting to use SSH, I really only use Linux as my main OS (though I do use Solaris and plan on trying out FreeBSD). However, we mustn't forget our "friends" that use WinX or those we work with.

  • Lessee, that would make nearly 3 million people in the US alone, over 50 million worldwide, and all it takes is one to find it and say something...
  • Does anyone else remember the ComBot backdoor? Basically what happened was ComStud, the guy who wrote ComBot (an IRC robot), put in a few lines of code that allowed him to have full access to the bot. It wasn't 100% obvious what was going on because the backdoor was placed in two files (one part copied the crypt()'d version of "HAQD" into a global string w/ the comment /* Don't ask, it works */). This was located in main.c. The other part was located in ctcp.c, which would crypt() the first word of the ctcp command and if it matched the other string it would treat the command as if it came from the owner of the bot. It took a little while to get discovered, but it did.

    Basically being open source doesn't prevent something from being back doored, but it does make it harder. Not to mention the ComBot example isn't the greatest, it could have been hidden better.
  • I remember a great anonymous remailer in Finland that we used in our college days when engaging in email from the social newsgroups and getting a penpal. Sometimes being anonymous helps when finding relationships.

    I remember that anonymous site getting raided because Scientologists were unhappy about a very vocal critic used that site to post very unflattering things about them. It was an army of lawyers from hell that ended what many thought was a great service. The computer was taken and the logs were no longer secret...
  • Years of analysis of DES has shown that the only back door in DES was right out in the open: the 56-bit key. Everything we've learned about cryptanalysis in the meantime has shown that IBM (and possibly the NSA) went to some lengths to strengthen DES against attacks we didn't even know about at the time. What are you talking about?

    I don't believe any of your three possibilities. I think it's exactly what it seems, and that the NSA like to have their lives made easier.
  • Ooooh, and I bet they could grab your web cam and take compromising pictures of you with your girlfriend in bed if the computer is in your room!

    And they could remotely install a plug-in to get your keyboard to capture your fingerprints in case you download any kiddie porn, and turn your monitor into an x-ray machine so they can take pictures of your brain while you play quake to tell if you are a potential school-shooter.

    Geez, too bad the NSA doesn't have anything better to do than spy on average computer hackers. Guess they got tired of intercepting everyone's email and following foreign nationals around watching for them to rent U-Hauls and buy fertilizer.
  • It wasn't the NSA, the rating was the "equivalent of a C2 rating" which means absolutely bunk. If it were really C2 Microsoft would have gotten a real C2 rating. And I think all NSA ratings, except D1 which offers no protection, require that the machine not be connected to a network and not have a floppy drive. Nothing connected to any network is ever 100% secure.
  • no argument. see my reply to the previous post
  • by Anonymous Coward on Friday September 03, 1999 @03:13AM (#1707040)

    This CNN Story [] last year talked about the pressure tactics the NSA uses.

    In the article, Ira Rubenstein, Microsoft attorney and top lieutenant to Bill Gates, says:
    "Any time that you're developing a new product, you will be working closely with the NSA," he noted.

  • A couple of years ago, Ritchie revealed that he had put a back door into the original UNIX login program that no one ever caught: He added code to the C compiler so that if the compiler was compiling login.c, it would inject the back door function. He then added code to the compiler so that if it was compiling *itself* it would inject the code to create the login back door.

    He then deleted the code from the C compiler source. You could examine the source all you wanted - but when you recompiled the compiler, it inserted the backdoor creation code into the new compiler - and when you compiled login.c, it would add the back door to the login executable.

    He claimed the trap door existed for years on many ports of UNIX. Any port of UNIX that was built using a cross-compiled version of the original C compiler had it.

    It would be straightforward to replicate this process in GCC. It would spread much more slowly (unless you managed to get your binaries picked up by a major mirror) but it would be nearly undetectable.


  • I submitted this [] the other day, but I guess it wasn't impo'tant nuff. Basically lets HTML code run ActiveX and do, well, pretty much anything.
  • Then we need to do away entirely with anonymity on the 'net.

    We need to ensure that total anonymity on the net is available forever. Cryptography will make that possible.

    and it will help people shut out spam

    Getting rid of spam won't be that easy. We don't have anonymity in the world of telephones, and we still get telemarketing calls. We don't have anonymity in the postal system and we still get bombarded with junk mail.

    and get rid of the creepy nature of the 'net as it now stands

    Creepy? Err... what 'net are you on?

    It will also make people accountable for what they say in public online, just as we're accountable for what we say in public in the real world.

    I read that as 'it will have the same chilling effect on free speech that we see in the real world'. Just as it is possible to circumvent public accountability in the real world, it will continue to happen online.

    These are good things.

    These are at best pipe dreams. At worst, they will lead to big-brotherism.

    Maybe what we need to do is allow people like you that are afraid of somehow, possibly, being offended by something to just filter out anything that is anonymous. But why prevent the rest of us who think that a few Anonymous Cowards out there might occasionally have something worthwhile to say from listening if we want?

  • No, don't get me wrong, I have a huge distrust of these government agencies' ability and track record to abuse their power. I was just chuckling at the paranoia that your multimedia desktop PC is somehow going to become a magic doorway for the spooks to watch you brush your teeth.
  • Do you really think the NSA has the type of budget problems...

    As Ricky Ricardo used to say, "Loooosseeee, lemme 'splain you something." The NSA ain't got no budget. Not in the traditional sense of the term, anyway. They're not required to submit one to Congress for approval. They just get what they ask for, and the dollar figure is classified. As are basically all of their activities. And what's more, unlike the CIA, they have *no* legal restrictions against *domestic* intelligence activities -- seems that during those pesky Church Committee hearings on the CIA's antics, everybody conveniently forgot to ask where the ELINT came from.

    Having typed all this, I look forward to that funny click on the line when I pick up my phone tonight. Or maybe my head will just disappear in a pink cloud as I'm driving to work on Monday morning...

  • This isn't an exploit at all. For those of you who don't know how signing works, here's a quick overview:

    To sign a document:
    1. Calculate a hash of the document (MD5 is the common method).
    2. Encrypt the hash with your private key.

    When the user wants to verify that it came from you, they:
    1. Calculate the hash of the document.
    2. Decrypt the provided hash with the public key and check if they match.

    So, at this point you know:
    1. That the document was not modified since it was signed.
    2. That the document came from the source that it was intended to come from.

    The reason Microsoft is signing the security modules is to prevent someone from substituting the DLL and then compromising your security. (Since you can't sign without the private key).

    Now, if this second key (and the third one, for that matter) belongs to another party, it means that your computers will accept security modules signed by them to run. However, only entities with the matching private key can release the modules.

    This validation mechanism only affects the loading of the security module, not the actual secured data. The author of the security modules does not implicitly have access to the encrypted data without the private keys used to encode them. They would have to get your private keys, and then store them somewhere or send them somewhere in order to be able to read your data.
  • the Nazi party was "National Socialist" how could they be "right wingers"?

    Technically, they were [are] fascist, regardless of what they called themselves.

    Honestly, totalitarianism or statism is totalitarianism or statism, regardless of which side of the aisle you choose to stick it on.

    Whether it's conservatism or liberalism that you take too far, you invariably end up at the same place. The political spectrum is circular.

    Berlin-- []
  • Well, anonymity isn't easily legally accomplished on the Net. If one is willing to resort to illegal means, it is fairly easy. If one is willing to find a publicly accessible computer (such as a university lab, public library, etc) and use an email service that doesn't strictly check info, then it could be pretty difficult to trace, but not very convenient. This may or may not change as 'internet kiosks' become more common.

    However, as I was saying, what all this really means is that the original poster is off base in thinking that anonymity on the Net is so much worse than what happens in real life.

  • Ummm, sorry to burst your bubble but this COULD happen in Open Source software like Linux. Just because it is open source doesn't mean that something can't be hidden within it.

    Now granted, the person who is doing the hiding has to be MUCH trickier about doing it ... but still, how many times have you been looking at someone else's source code and said:

    "What the @#$% do those 3 lines of code do? Hrmmm, oh well, doesn't look like the section I was trying to find anyway . . ."

    Because they are very obscure lines of code, that don't seem to be what you are looking for, so you don't take the time to 'play computer' and try to figure out what they are ...

  • by Anonymous Coward on Friday September 03, 1999 @01:05AM (#1707138)
    I really don't care about the licence, as long as I get the source. I would prefer GPL, but I want the source. I didn't use to feel that way, but as time has gone on I have changed my mind. The issue is less that the NSA is spying -- we need spies -- but that the whole national security apparatus of the US has ceased to be effective. CIA agents abroad have to meet quotas for recruiting foreign nationals. Not USEFUL foreign nationals, just somebody. They don't meet the quotas, they don't get good reviews. I have had friends who have worked for the NSA, and outside of a few areas, most of these people are career bureaucrats making their numbers. Like bosses who make up for management skill by saying that they will fire anyone 5 minutes late, the NSA is making up for the fact that most of the good spies left during the Bush Administration by compromising everyone, so that they can do their work without having to try hard. It doesn't have to be USEFUL work, just something to meet their quotas. The real issue here (well one issue, the other being the utility of having the source) is that we have let the government decay to the point where it is a danger to us.
  • This is interesting, but how do you prove it? I mean, all they've got is the fact that NSAKEY showed up as a debugging symbol. Sure NSA happens to be the acronym of a particularly annoying secret government agency, but...

    At least, it DOES appear that there is more than one key available in the crypto packages. Whose keys? This should be the rallying call, and since we don't have the code, we can't tell.

    This is a VERY good reason to be suspicious of Microsoft products.

    How many people actually USE the cryptoAPI? It seems to me that unless you're using this stuff, all of this has no effect.

  • Amen. I don't care for Win9x (and if you read the article, the 'backdoor' is in there as well), but I have to use it because of my chosen profession. Plus, I like to play games. Sure, Linux is great for everything else, but until it gets a *FULLY* compatible Office app, and tons more in terms of recent or co-released commercial games, I cannot get rid of Microsoft products.

  • by Paul Crowley ( 837 ) on Friday September 03, 1999 @02:42AM (#1707167) Homepage Journal
    (1) The paper's being presented at a rump session, so it won't appear in the list of accepted papers. It won't have gone through the same rigorous review as an accepted paper, but hell, they wouldn't let the crypto loonies of this world (David A Scott aka SCOTT16U.ZIP_GUY) present such a session.

    (2) the _NSAKEY certainly refers to *a* public key. It's a stretch of unusually high entropy data, which nearly always means cryptographic data: even compressed stuff doesn't look like that. Furthermore, it's being fed to BSafe's public key routines: look at the CCC's debugger output.

    (3) Micros~1 wouldn't fuck around with that sort of thing. I don't think anyone's going to label a public key "NSAKEY" as a joke.

    (4) But the NSA are very likely indeed to put pressure on them to introduce this sort of "feature" - it's quite a common occurrence for a guy with a sharp suit to turn up at the offices of commercial crypto implementors and discuss, let's say, how best to speed the export process. In the case of Lotus Notes, they did it entirely above ground, although the Swedish Government didn't read the small print when they banked their information system on Notes and they were quite annoyed to discover that the NSA had a way in.

    Put aside your speculation: this is the real thing. The NSA hold the private key that allows their software to do pretty much whatever they want to the CryptoAPI system, if you'll consent to run any code they've had their hands near. And we all know how tricky that is.

    Personally, I'm ecstatic: the unearthing of this information is a huge boon both to the Open Source and crypto-security communities.
  • ...enh, basically an "astroturfer", from what I can figure.
    Berlin-- []
  • Sorry about the length, but this very well written email from Russ posted to NTBUGTRAQ does a perfect job of laying out all sides of this issue...

    -----Original Message-----
    From: Russ [mailto:Russ.Cooper@RC.ON.CA]
    Sent: Friday, September 03, 1999 2:58 PM
    Subject: Alert: CryptoAPI and _NSAKey issue


    This is also available at

    Whoa horsie...

    I had a long chat with Andrew Fernandes this morning, as well as
    another chat with others, and of course I've had a ton of messages
    sent my way with various links to various stories about the issue.

    I wanted to get a few things straight before I sent this message, but
    given how quickly things are spreading it makes sense to send something

    Ok, so here's what I can tell you.

    1. Andrew's speculation about the _NSAKEY being a backdoor for the NSA
    is based on;

    a) The variable is called "NSA".

    b) It's a second key, not known to exist in Windows previously.

    c) What possible purpose would a second key serve?

    d) Its presence, arguably, weakens CryptoAPI (Andrew explains this on
    his website at ,
    I'll elaborate more later.

    2. Sources close to Microsoft say that the key is a "Backup" key. It
    is owned by Microsoft, and only Microsoft have the private key to it.
    The key was named "_NSAKEY" because the NSA insisted that Microsoft
    include a backup key in their CryptoAPI before the Commerce Department
    would approve its inclusion in NT 4.0.

    ---------

    There's a bunch of somewhat understandable furor going on over the
    idea that the NSA might have a backdoor to Windows. Unfortunately,
    however, all of this is based on a variable name. Anyone who programs
    knows that variables might get named anything for a variety of
    reasons. One would expect that they would be named descriptively, but
    alas, not everyone follows such stringent conventions (can you spell
    "Easter Egg"?).

    The Conspiracy Theorist's theory goes;
    -------------------------------------

    - The NSA has a signing key on your box.

    - The NSA can implant a Trojan to replace the module which performs
    encryption on your box with one that doesn't perform encryption, and
    because the failure of signature verification against Microsoft's key
    is silent, they can get their trojan'd app up and running without you
    being any the wiser.

    - The NSA can then sniff your traffic, now being conducted in

    There's obviously a ton of variations possible on this theory, they
    take your private key, they replace your key with another, etc...

    They only have to get a Trojan to you and get you to run it, and as
    those same Conspiracy Theorists always say, there's
    likely bugs in the OS designed to allow them to do

    Yeah, could be true.

    My take from Microsoft's Perspective;
    ------------------------------------

    - We want to have one build of our products that simultaneously
    supports weak or strong encryption functionality.

    - We want to be able to ship this one product world-wide, changing as
    few bits as possible for those that are being shipped outside the U.S.
    and Canada.

    - We'll build an API (good, bad, or otherwise) that allows the
    controlled bits to be inserted into an infrastructure, then get the
    infrastructure approved, and all will be good.

    - Commerce (with advice from lots of people including the NSA),
    agrees, and tells Microsoft they have to sign everything that can use
    the infrastructure. That way, Microsoft can ship its product anywhere,
    and Commerce will know that only those products that have been signed
    by Microsoft will be able to run on the OS.

    - You want to build a Cryptographic Service Provider (CSP), the module
    that performs the encryption, you gotta get Microsoft to sign it for
    it to run. Microsoft doesn't sign anything that doesn't have the
    appropriate Commerce Department Export approvals first.

    Wonderful, life's good, Microsoft doesn't have to manage multiple
    versions based on Crypto-strength, folks can implement whatever crypto
    they want (assuming it's Commerce approved).

    Oh, the second key, I almost forgot;
    -----------------------------------

    I'm told the NSA insisted there had to be a backup. No explanation as
    to why yet, that's what I've been told. One theory that made a lot of
    sense to me was the simple idea of;

    What happens if Microsoft's key is ever compromised? Well, they'd
    simply revoke it, right? Yeah, but the problem is that you'd have no
    way of telling a Microsoft system that there's a new key. You'd have
    to rely on the old one to tell it about the new one. But if there's a
    backup key, and they're kept separate, you could use the Backup to
    verify the new key to replace the primary.

    That's only meaningful to Microsoft since there's no revocation lookup
    being done on the primary anyway. Microsoft would have a way to
    salvage its name by using a new key. In practice, this would be near
    impossible to deploy, but hey, at least there's a way to do it

    ------

    Andrew's discovery goes beyond this NSA stuff. There's a real issue
    here. Andrew has found that by replacing the _NSAKEY with one of your
    own, you are able to add a CSP to the system signed only by you. This
    by-passes Microsoft's signing controls (the ones Commerce needed to be
    in place to allow Microsoft to ship its products world-wide).

    As Andrew says, "Export control is effectively dead for Windows."

    More importantly, it means you can add a CSP that does whatever you
    want it to do, and then modify existing Windows .dlls that call
    CryptoAPI such that they are signed by you instead of Microsoft. This
    will cause them to fail the Microsoft signature verification, but
    they'll pass verification against your own signature. Windows will
    silently let them run and do whatever it is you want them to with the
    CryptoAPI environment.

    In theory, you create your own CSP to replace Microsoft's supplied CSP
    (implementing whatever you wanted in it, say boosting 40-bit to
    128-bit), modify the second key to one of your own, install your CSP
    over Microsoft's, and fire up any application that uses CryptoAPI. The
    signature will fail Microsoft's verification, pass yours, and
    everything should work as if you had a U.S./Canadian version.

    Fortify for Windows NT (I'd sure love to see
    that implemented, anyone up for the challenge?)

    It also means the encryption you use on your system could be
    compromised in the same fashion, assuming it relies on CryptoAPI
    (hasn't this been called for by the U.S. President's commission?)

    Andrew's demonstration program effectively proves most of this;

    On the other hand;
    -----------------

    If there were only one key present in the system, Andrew acknowledges,
    then this wouldn't be possible. However, it would still be possible to
    subvert the export controls by trojanning all of the necessary .dlls
    used with CryptoAPI with ones signed by your key, and then replacing
    the Microsoft key with your own. It's a lot more work, but it would
    still achieve the same results.

    Nobody is suggesting that any of this is a Remote Exploit, or
    something you have to worry about receiving in Email. Sure, Andrew's
    program demonstrates that a running application can subvert the second
    key and implement its own memory...which is possible but

    ------------

    I think the NSA thing is being over-hyped. Sure, it's possible, and we
    need Microsoft to make their official statement about it to have it on
    the record. Once they do, if anyone can prove it's not their key I will
    happily help them. I doubt anyone will...although I also doubt that
    people will readily accept that it is a second Microsoft key (who
    killed JFK?)...maybe Microsoft can sign something with the second key
    so we could verify it somehow??

    Meanwhile, the risk of your system's cryptographic methods being
    exploited is limited while folks figure out how it could be done
    effectively. I'm looking at how you could audit access or
    manipulation, but what's really needed is a TripWire-like
    functionality ( Alternatively,
    Microsoft should build-in some additional mechanism to verify that
    something that should be Microsoft signed, really is Microsoft signed,
    and not a blind failover to the second key.

    As to the issues of a third key in W2K, I have no information
    regarding this beyond what Andrew has said.

    More as information becomes available.

    Russ - NTBugtraq Editor


    Titanic Wrecking Crew
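The two-key check this thread describes (hash the module, sign the digest with a private key, verify against the primary key, fall back to the second key) together with Russ's point that something which should be Microsoft-signed ought to be checked for a blind failover to the second key, as an added Go model that is not CryptoAPI code, Microsoft's, or anyone's in the thread: the loader reports which key accepted a module, refuses backup-only modules where policy requires the primary key, logs the event, and fingerprints the embedded keys for a TripWire-style baseline. The key pairs are freshly generated stand-ins and the module bytes are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"fmt"
)

// Verdict records which trusted key, if any, accepted a module's signature.
type Verdict int

const (
	Rejected  Verdict = iota // neither key accepted the signature
	PrimaryOK                // accepted under the primary (vendor) key
	BackupOK                 // accepted only under the second key
)

// Loader is a constructed model of a two-key module verifier; it is not
// CryptoAPI's real code, only the behaviour the thread describes.
type Loader struct {
	Primary *rsa.PublicKey
	Backup  *rsa.PublicKey
}

// SignModule signs the SHA-256 digest of a module with priv (PKCS#1 v1.5).
func SignModule(priv *rsa.PrivateKey, module []byte) ([]byte, error) {
	digest := sha256.Sum256(module)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// Verify tries the primary key, then the backup key, and reports which one
// matched instead of a bare yes/no. A verifier that collapses this to "ok"
// is the silent failover the thread complains about.
func (l Loader) Verify(module, sig []byte) Verdict {
	digest := sha256.Sum256(module)
	if rsa.VerifyPKCS1v15(l.Primary, crypto.SHA256, digest[:], sig) == nil {
		return PrimaryOK
	}
	if l.Backup != nil && rsa.VerifyPKCS1v15(l.Backup, crypto.SHA256, digest[:], sig) == nil {
		return BackupOK
	}
	return Rejected
}

// Load applies a policy on top of Verify: a module expected to carry the
// vendor signature is refused when it validates only under the backup key,
// and every backup-key acceptance is written to the audit log.
func (l Loader) Load(name string, module, sig []byte, mustBePrimary bool, audit *[]string) bool {
	switch l.Verify(module, sig) {
	case PrimaryOK:
		return true
	case BackupOK:
		*audit = append(*audit, "AUDIT "+name+": validated only under backup key")
		return !mustBePrimary
	default:
		*audit = append(*audit, "REJECT "+name+": no trusted key accepts this signature")
		return false
	}
}

// KeyFingerprint is the SHA-256 of the DER-encoded public key. Keeping the
// fingerprints of both embedded keys in a baseline lets a later check notice
// that the second key has been swapped for someone else's.
func KeyFingerprint(pub *rsa.PublicKey) string {
	sum := sha256.Sum256(x509.MarshalPKCS1PublicKey(pub))
	return hex.EncodeToString(sum[:])
}

func main() {
	vendor, _ := rsa.GenerateKey(rand.Reader, 2048) // stand-in for the primary key
	backup, _ := rsa.GenerateKey(rand.Reader, 2048) // stand-in for the second key
	l := Loader{Primary: &vendor.PublicKey, Backup: &backup.PublicKey}
	baseline := KeyFingerprint(l.Backup)

	csp := []byte("constructed CSP image") // constructed sample module, not a real DLL
	var audit []string
	vendorSig, _ := SignModule(vendor, csp)
	backupSig, _ := SignModule(backup, csp)
	fmt.Println("vendor-signed loads:", l.Load("sample-csp.dll", csp, vendorSig, true, &audit))
	fmt.Println("backup-signed loads:", l.Load("sample-csp.dll", csp, backupSig, true, &audit))
	tampered := append([]byte{}, csp...)
	tampered[0] ^= 1
	fmt.Println("tampered loads:", l.Load("sample-csp.dll", tampered, vendorSig, true, &audit))
	for _, line := range audit {
		fmt.Println(line)
	}
	fmt.Println("backup key unchanged since baseline:", KeyFingerprint(l.Backup) == baseline)
}
```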
  • Unquestionably it's illegal. It violates the Constitutional ban in search and seizure without a warrant.

    The question is, "Does the NSA care that it's illegal?" The answer is, undoubtedly, no.
  • Why is NSA public key pre-installed on the Operating System?

    I was wondering that too, except the key is not pre-installed, it is hard-coded.
    Berlin-- []

  • > Too bad Windows isn't open source so we could all go check it...

    I suspect we'll have massive lawsuits filed within days, and a resulting court order to open the relevant parts of the code.

    If the Administration opposes the suit, or if Microsoft loses some more source code, that will tell us all we needed to know anyway, won't it?

    Meanwhile, it's fun hitting the news sites every few minutes to see the pecking order of how the story propagates.

  • That's funny, I found it quite comforting.

    Oh, wait, maybe you are on the wrong side of the corrupt, effectively totalitarian, world repressing regime...

    /. is like a steer's horns, a point here, a point there and a lot of bull in between.
  • Has anyone considered the possibility that Microsoft deliberately left the symbol in, to reveal NSA's presence without risking liability? Or is it just easier for you to blindly attack Microsoft given the slightest excuse?

    Replace Microsoft in that sentence with any other major corporation -- Occam's Razor still applies. I could possibly buy that this was deliberate on the part of an individual employee, but I find it highly improbable that the management of ANY large company would make that sort of decision.

    Berlin-- []
  • You are joking, right?
    What about personal privacy? What about business secrets?

    If this is allowed, why don't we just install video-cameras in all houses to make damn sure no one is breaking any laws there, heck why don't we put people in jail to make SURE they don't commit any crimes.

    *I know I shouldn't bite on troll posts, I just can't help myself.*

    //Somewhat anonymous coward.
  • ...that! This must just be some M$Programmer(tm)'s idea of a cute joke!
  • Towards the end of the overview part of the article, there is a blurb about foreign IT managers now being able to replace the weak encryption shipped (exportable) from the U.S. with strong encryption of their own choosing...

    Since Windows is a U.S. product, it is subject to U.S. export regulations on strong encryption. This gaffe in security may be an oversight, or it may be a way of enabling strong security usage, without torquing-off the D.O.J. any further than it already is.

    Though, I don't see why M.S. would not just provide 'replaceable' security.

    Then again, given M.S. 'reputation' with security, it is unlikely that they would actually do something benevolent in the area. Still, something to think about... M.S. ServPack5 now allows foreign companies (in fact all users) to keep the NSA from peeking in their drawers.
  • by Anonymous Coward on Friday September 03, 1999 @04:11AM (#1707230)

    Even if this is the NSA's key, so what? All it means is that they're hypocrites with regard to US security laws. The key only lets you install new security services inside Microsoft's crypto framework. That's it. It doesn't give you access to any information encrypted by other providers. The only reason there's a lock on this install capability is to allow Microsoft to meet US export standards on encryption (they can't make it too easy to add strong crypto). If this really is an NSA key, then the NSA just wanted it to be easy for them to install strong crypto.

    In other words, so what? This doesn't let the NSA, Microsoft, or anyone else snoop on my encrypted data. And I already knew the government had a ridiculous security policy. BFD.

  • by Enoch Root ( 57473 ) on Friday September 03, 1999 @01:17AM (#1707232)
    You know, at first I was outraged and shocked at this article. But now I can't help but smirk.

    No one figured out that backdoor until Microsoft forgot to remove the explicit name NSA_Key in NT 4 SP 5? What kind of joke is this? Or is it a programmer at Microsoft that's covertly working for the Open Source movement? :)

    I also find it pretty pathetic that the NSA would need to contact Microsoft and implement a backdoor to access NT. I sure know most crackers I know don't need a friggin' insider at MS to crack NT until it weeps.

    So I see three possibilities about this:

    It's a hoax of some sort, or a private joke by the NT programmers. It sure is working.

    It's a decoy. The NSA has a backdoor somewhere else, much less obvious, and this is meant to make us believe the NSA backdoor has been found. I mean, the alleged backdoor in DES is much more complex and subtle than multiplying by a fixed key when encrypting.

    It's true, and the NSA are truly pathetic, and their cryptanalysis talents are severely, severely overrated.

    I find the third option to be the most amusing. :)

    "There is no surer way to ruin a good discussion than to contaminate it with the facts."

  • The Federal Government has been making alliances et al for years now. For example, the NSA can get new credit cards for agents at will legally giving the company false info, ie the agent's alias or what have you. Corporate alliances are what have made groups like the CIA and the NSA what they are today. I'm sorry I'm cutting this short, but I'm at work. More detail later in the day.
  • by wanderingstar ( 51363 ) on Friday September 03, 1999 @01:19AM (#1707274)
    Let's all just participate in a little reality check here, folks - just because something is named "NSA" it automatically means it has to do with the United States National Security Agency? As any Windows programmer can tell you, "LSA" in Microsoft parlance means "Local System Authority" - the subsystem that validates your logons. Why the heck shouldn't "NSA" stand for "Network System Authority"? And this is just one possibility... Geeze, the article offers ABSOLUTELY NO PROOF that the key named "NSA" stands for National Security Agency. Think before you fly off the handle.
  • We need strong encryption implemented in the masses before it's too late. There is too much plain text transfer and lack of authentication. Imagine a few individuals trying to trojan your patch you submitted on freshmeat. Now, imagine the elusive NSA handling those packets for a brief moment in time to contaminate yours and everyone else's space forever. Paranoid? Perhaps I am, but I have been getting a noticeable increase in /var/log/secure in the last few months.

    If we don't protect ourselves from crackers and rogue governments, hell is going to walk on this planet soon. I predict it happening soon with the current lax security (or complete lack of!)

    Damn the NSA. Send it to hell.
  • > Ummm, sorry to burst your bubble but this COULD
    > happen in Open Source software like Linux. Just
    > because it is open source doesn't mean that
    > something can't be hidden within it.

    I agree that it could, but I think it is much less likely. While everyone might not take the time to look at those three lines of code, we don't need everyone to. All we really need is one person to notice and point it out to people.
    (this happened recently if I recall, a popular mirror was cracked and code trojaned, but it only took a short while to get things sorted out)

    There is also a difference in trust that exists today, though it might not be that way forever. Because of the nature of the people doing the open source work, I have much greater trust in say linus, alan, etc doing what's best for me, than I do in MS or the US gov.

  • Your points are good, especially those about traffic analysis. However, they appear only to serve to further weaken the argument of the person I was replying to.

    In many ways, the 'net is a far less anonymous place than the 'real world'.
    In the real world I can still send a letter w/o a return address (or even with a bogus return address). If I am careful to avoid leaving fingerprints on it, it is difficult for the recipient to tell much more than what zip code it was mailed from. It would be virtually impossible for someone (or even a gov't agency) to watch every person depositing mail into every public mail receptacle all the time.
    In the real world I can still make a call from a public pay phone using coins and/or a calling card (if necessary) that I can purchase with cash at a place like Wal-Mart. If I am careful not to leave fingerprints on the phone, and I do something like record a message in someone else's voice or with a voice synthesizer, it is virtually impossible to tell who made the call.

    The preceding examples haven't caused the real world to come to an end, so I see little reason why what little anonymity we have on the 'net is a bad thing.

  • Meanwhile, it's fun hitting the news sites every few minutes to see the pecking order of how the story propagates.

    As expected, msnbc denies [] the association with the NSA. Looks like this article was carefully prepared by the PR chefs to me.
  • by Anonymous Coward on Friday September 03, 1999 @01:23AM (#1707331)
    Having used the CryptoAPI for about a year, and having been forced to get Microsoft to sign a CSP (Crypto Service Provider) for me, what it REALLY appears that the _NSAKEY value is for is this: Microsoft wanted to make sure it didn't violate US export law. They asked the US government, which replied, "Make sure that the CryptoAPI doesn't load unapproved cryptographic modules." Microsoft did this by requiring CSP developers to send the DLL to them (you can opt to send just the hash) along with a document stating whether the CSP was exportable or not. Then, someone in the government said, "Well, we want to be able to use our own CSPs in Windows without having to send them to Microsoft." They got Microsoft to add a second DLL verification check using a separate RSA key. For those who don't know, CSPs are DLLs that provide key and certificate management, hashing, and encryption/decryption services to applications. There is a small API of functions that they support. If some boogeyman wanted to spy on you through one, that means that someone would have to get that code onto your machine first, then register it (it's in the Registry under Software/Microsoft/Cryptography/Defaults/Providers). This still leaves open the possibility that the verification code is being used to verify something else other than a CSP, but that hasn't been shown yet.
  • by Anonymous Coward on Friday September 03, 1999 @01:26AM (#1707335)
    Ehm, did anyone actually read the press release?

    As far as I can tell, a competitor to Microsoft discovered the following:

    * There is not one, but two keys that are used for the verification of CSP modules;
    * This key is called 'NSAKEY' in the debug info for some NT4/SP5 executables.

    The best you can say is that "this raises questions". It could be a "back door", but certainly no "security hole": the ability to install CSPs on a system doesn't give you a whole lot except the ability to PROVIDE AN ALTERNATIVE METHOD to encrypt/decrypt data. In other words: no existing encrypted data is compromised, and an application has to specify it WANTS to use the new CSP.

    Of course it's more fun to start paranoid rants against "M$" right away, but even for the most fanatic Microsoft-sceptic, it should be clear that:

    1. The information is provided by a Microsoft competitor, and very sketchy at that;
    2. It doesn't conclusively PROVE anything: just hint at certain vulnerabilities;
    3. If the 'back door' indeed exists, its exploit potential is minimal.

  • Yes, this is true. *Always* check the md5sum of those popular packages against multiple mirrors. That would not protect you if the source was intercepted before it was mirrored, but that's what we get when our pants get caught down without widespread authentication and encryption. It's a war. Corrupt organizations (I won't mention the NSA) might win and sooner than you think.
  • As promised, here is the passage from Applied Cryptography by Bruce Schneier that deals with NSA's tampering of the S-boxes. This is from the second edition, pp. 284-285:

    In addition to being accused of reducing the key length, NSA was also accused of modifying the contents of the S-boxes. When pressed for design justification for the S-boxes, the NSA indicated that elements of the algorithm's design were "sensitive" and would not be made public. Many cryptographers were concerned that the NSA-designed S-boxes hid a trapdoor, making it possible for them to easily cryptanalyze the algorithm.

    Since then, considerable effort has gone into analyzing the design and operation of the S-boxes. In the mid-1970s, Lexar Corporation and Bell Laboratories examined the operation of the S-boxes. Neither analysis revealed any weaknesses, although both found inexplicable features. The S-boxes had more features in common with a linear transformation than one would expect if they were chosen at random. The Bell Laboratories team stated that the S-boxes may have hidden trapdoors, and the Lexar report concluded with:

    Structures have been found in DES that were undoubtedly inserted to strengthen the system against certain types of attack.
    Structures have also been found that appear to weaken the system.

    On the other hand, this report also warned:

    ...the problem [of the search for structure in the S-boxes] is complicated by the ability of the human mind to find apparent structure in random data, which is really not structure at all.

    [...]Various oddities about the S-boxes appeared in the literature. The last three output bits of the fourth S-box can be derived in the same way as the first by complementing some of the input bits. Two different, but carefully chosen, inputs to S-boxes can produce the same output. It is possible to obtain the same output of a single DES round by changing bits in only three neighboring S-boxes. Shamir noticed that the S-boxes entries appeared to be somewhat imbalanced, but wasn't about to turn that imbalance into an attack. [He mentioned a feature of the fifth S-box, but it took another eight years before linear cryptanalysis exploited that feature.] Other researchers showed that publicly known design principles could be used to generate S-boxes with the observed characteristics.

    "There is no surer way to ruin a good discussion than to contaminate it with the facts."
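The bracketed remark about the fifth S-box refers to the linear approximation Matsui later exploited; as an added example (not from the thread or from Schneier's book), this Go code builds the linear approximation table of S5 from the S-box table in the DES standard and recovers that observation: input bit 2 equals the XOR of all four output bits for only 12 of the 64 inputs, a bias of 20/64, the largest anywhere in S5. It also checks the properties a random-looking but balanced S-box must have (single-sided masks uncorrelated), which is the kind of structure search Lexar and Bell Labs were doing.

```go
package main

import "fmt"

// DES S-box 5, as tabulated in the DES standard: four rows of sixteen 4-bit
// outputs, indexed by the outer two input bits (row) and middle four (column).
var S5 = [4][16]uint8{
	{2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9},
	{14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6},
	{4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14},
	{11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3},
}

// sbox5 evaluates S5 on a 6-bit input written b1..b6 (b1 is the high bit):
// b1,b6 select the row and b2..b5 select the column.
func sbox5(x uint8) uint8 {
	row := ((x >> 4) & 2) | (x & 1)
	col := (x >> 1) & 0xF
	return S5[row][col]
}

// parity returns the XOR of all the bits of v.
func parity(v uint8) uint8 {
	v ^= v >> 4
	v ^= v >> 2
	v ^= v >> 1
	return v & 1
}

// NS5 is Matsui's count for S5: the number of the 64 inputs x for which the
// XOR of the input bits selected by inMask equals the XOR of the output bits
// selected by outMask. A value of 32 means no correlation; |NS5-32|/64 is the
// bias of that linear approximation, which is what linear cryptanalysis
// accumulates across rounds.
func NS5(inMask, outMask uint8) int {
	count := 0
	for x := uint8(0); x < 64; x++ {
		if parity(x&inMask) == parity(sbox5(x)&outMask) {
			count++
		}
	}
	return count
}

// LinearTable is the full linear approximation table of S5
// (64 input masks by 16 output masks).
func LinearTable() [64][16]int {
	var t [64][16]int
	for a := 0; a < 64; a++ {
		for b := 0; b < 16; b++ {
			t[a][b] = NS5(uint8(a), uint8(b))
		}
	}
	return t
}

// MaxBias scans the table, skipping the trivial (0,0) entry, and returns the
// first masks whose count is farthest from 32, together with that distance.
func MaxBias() (inMask, outMask uint8, dist int) {
	t := LinearTable()
	for a := 0; a < 64; a++ {
		for b := 0; b < 16; b++ {
			if a == 0 && b == 0 {
				continue
			}
			d := t[a][b] - 32
			if d < 0 {
				d = -d
			}
			if d > dist {
				inMask, outMask, dist = uint8(a), uint8(b), d
			}
		}
	}
	return inMask, outMask, dist
}

func main() {
	// Matsui's best approximation: input bit b2 (mask 010000 = 16) against the
	// XOR of all four output bits (mask 1111 = 15).
	n := NS5(16, 15)
	fmt.Printf("NS5(16,15) = %d of 64 (bias %d/64)\n", n, 32-n)
	a, b, d := MaxBias()
	fmt.Printf("largest bias in S5: masks (%d,%d), distance %d from 32\n", a, b, d)
}
```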

  • So what about this attack:
    NSA writes a new DES provider that in addition to performing DES, also emails them all keys used (or something more subtle, but you get the idea). Now sign it with NSA private key, and overwrite the old dll with the compromised one. The previous one was signed by MS, this one by NSA, but both have valid signatures. When an application asks for DES encryption, the compromised one is successfully loaded.

    What am I missing?
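The attack sketched in the comment above comes down to one property of the loader: a provider is accepted if its signature verifies under either of two trusted keys. The following is an added example, not code from the thread, from Cryptonym, or from Microsoft; it models that loader in Python with a toy textbook RSA (fixed small primes, no padding, illustration only) and constructed provider images. It shows a provider signed by the second key loading alongside the vendor-signed one, and then what "install your own module in place of the built-in one" amounts to: replace the second verification key with one you control, after which the rogue provider no longer loads and your own does. Key material, module contents and the class and function names are all assumptions made for this example.

```python
"""Added example: a two-key provider loader, modelled on the thread's
description of CryptoAPI trusting a vendor key plus a second key.
Toy textbook RSA with small fixed primes; not for real use."""

import hashlib
import math


def make_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)) for the toy scheme; p and q are assumed prime."""
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e is not invertible mod phi(n)")
    return (n, e), (n, pow(e, -1, phi))  # modular inverse needs Python 3.8+


def _digest_int(module: bytes, n: int) -> int:
    # Hash of the provider image, reduced into the RSA group.
    return int.from_bytes(hashlib.sha256(module).digest(), "big") % n


def sign_module(module: bytes, priv) -> int:
    n, d = priv
    return pow(_digest_int(module, n), d, n)


def verify_module(module: bytes, sig: int, pub) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest_int(module, n)


class CspLoader:
    """Hypothetical loader that trusts two verification keys."""

    def __init__(self, primary_pub, secondary_pub):
        self.trusted = [primary_pub, secondary_pub]

    def load(self, module: bytes, sig: int) -> bool:
        # A provider is accepted if it verifies under EITHER key.  Whoever
        # holds the second private key can therefore ship a replacement
        # provider that passes this check.
        return any(verify_module(module, sig, pub) for pub in self.trusted)

    def replace_secondary(self, new_pub):
        # Patching the second key with your own: the "open it yourself" step.
        self.trusted[1] = new_pub


def demo() -> dict:
    # All key material and module images below are constructed for this example.
    vendor_pub, vendor_priv = make_keypair(1000000007, 998244353)   # "vendor" key
    second_pub, second_priv = make_keypair(2147483647, 1000000009)  # "second" key
    own_pub, own_priv = make_keypair(4294967291, 1000000021)        # your own key

    genuine = b"des_provider: does DES"                          # constructed
    rogue = b"des_provider: does DES, then mails the key away"   # constructed
    own = b"strong_provider: your own module"                    # constructed

    loader = CspLoader(vendor_pub, second_pub)
    res = {}
    res["genuine_loads"] = loader.load(genuine, sign_module(genuine, vendor_priv))
    res["rogue_loads_before_patch"] = loader.load(rogue, sign_module(rogue, second_priv))
    # A module signed by an untrusted key is still rejected: the check is not a no-op.
    res["own_rejected_before_patch"] = not loader.load(own, sign_module(own, own_priv))

    loader.replace_secondary(own_pub)
    res["rogue_loads_after_patch"] = loader.load(rogue, sign_module(rogue, second_priv))
    res["own_loads_after_patch"] = loader.load(own, sign_module(own, own_priv))
    res["genuine_still_loads"] = loader.load(genuine, sign_module(genuine, vendor_priv))
    # Tampering with a signed image must also fail.
    res["tampered_rejected"] = not loader.load(genuine + b"!", sign_module(genuine, vendor_priv))
    return res


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The only thing the patch changes is which second public key the loader trusts; it does not touch the vendor key, so vendor-signed providers keep loading. Whether the real CryptoAPI check behaves exactly like `CspLoader.load` is what the thread is arguing about; this block only makes the commenter's assumed behaviour concrete.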
  • by Anonymous Coward
    The NSA just plain doesn't need a back door into Windows security. Did everyone miss the post about RSA-155 being cracked in three months in secret...? How about Shamir's "twinkle" system? Do you really think the NSA has the type of budget problems that have prevented Shamir from building his system (which he claims would cost a mere $250,000 on first run)? And do you think they'd have a hard time mustering the computing power to crack RSA-155 in less than three months? Think about this... who is SGI/Cray's biggest customer (of super computers)? Drumroll please! The United States Government. Face it. If you want to keep a secret, it's better that it never goes across a wire or airwave, or hits magnetic media.

  • by Norman Lorrain ( 11572 ) on Friday September 03, 1999 @01:33AM (#1707399) Homepage
    Here [] for docs.
  • I don't see any suggestion of purposeful weakening of DES in any way in my edition of AC, except for the small keyspace. Nothing would really shed the doubt of which you speak, but certainly all the evidence points the other way.

    The AES is being selected to replace DES because:
    * DES's keyspace is too small
    * DES's block size is too small
    * DES is too slow, especially in software.

  • by Anonymous Coward on Friday September 03, 1999 @01:38AM (#1707416)
    You have no idea, my friend, you have no idea.

    I returned to the private workforce last year after ten years with a government entity that I cannot list on my resume. I have a cover (State) and some canned recommendations. I learned AIX while I was working for the government, and then discovered Solaris, which I like a lot. This got me a job last year without too many questions.

    You have no idea how bad it has gotten. Let me fill you in:

    1. Quotas: they are set in (a place in Virginia) and not in the country itself. So, a posting in some countries (Denmark or Finland) where a) no one really likes or dislikes the US - they could care less and have no real interest in providing information and b) there is just not a lot happening (we are not, for instance, likely to be invaded by Belgium any time soon) is the kiss of death to your career because there is no real way to make quota. Unless (and this is key), you fake it. If you have ethics, essentially, fully half of all of the postings by quantity require you to commit treason (by compromising national security by falsifying any and all contacts and records) or treat it as dead time for your future. This is the neat part -- everyone knows the system is horribly broken and every senior person there winks at the violations. Why? They did it themselves. Shades of grinding back at West Point (cheating, for those who didn't attend a service academy, is called grinding, and almost everyone does it).
    2. Reviews: this has nothing to do with your actual performance in most cases. The station chief doesn't do them -- your immediate boss does. And, just like high school, there is a pecking order and no real control outside of that. Date a secretary that your boss is interested in, your ass is grass. I didn't, but watched someone get transferred into a career-ending position for that, with the suggestion in his records that he was compromising security by dating nationals. There is no meritocracy there anymore.
    3. Disregard for security: this happened all the time. People would take home AND MISPLACE TS and worse. We had a person leave his briefcase in a bar. We are lucky that the bartender found it. It had detailed response plans for repelling any c/b/r attacks from a country that I can't name, but if you saw it on a map, would look an awful lot like Iraq. This was serious. It was ignored. And then there are the drinking and drug problems, mostly drinking.
    4. Security: They do not get you a house at the far end of a one-way street anymore. You are lucky if they try to keep your cover secret. They won't help you move in, so everyone knows that you are coming in from DC or VA someplace. They won't pay for a damned thing (not salary, which is very low, but things like furnishing a house or flat as if you really were an American marketing exec). And your family is at tremendous risk if you take them, as a result. This was one of the main reasons I left. I spoke Spanish, I was not going to get another European posting, had studied Latin America, and had done briefings on narcoterrorism for a number of people, for a number of years. I looked at the house that they had picked out for me in Bogota -- on a busy street, with a wide alley, with overlooking apartment buildings in line-of-sight, in a neighborhood with access from FIVE directions. They couldn't have done worse if they tried. There was no way in hell that I was taking my pregnant wife there, and she felt the same way. So we both quit.

    Bitter? Yes, very. But not at the concept, just the execution. At this point, we need to start over.
  • by MrP- ( 45616 ) <> on Friday September 03, 1999 @01:39AM (#1707438)
    I just searched for "RSAKEY" on my system, it was found in netscape.exe! OMG Netscape is in on this too! I'm going to go throw my pc in the trash and run around my house lighting anything on fire with the word RSA on it because it might be a security risk! Ahhh it's a conspiracy!

    $mrp=~s/mrp/elite god/g;
    "There is no such thing as privacy. Get over it."

    I'm with Jimhotep on this one..
    If they wanna watch you, they'll watch you. They might be doing it right now. Be afraid - be very afraid.

    We (they, they of the NSA) can count your shoelaces and read your newspaper from 100,000 feet up. That's orbital for chrissakes.

    Bouncing a laser off of a window, and measuring the reflection allows very impressive eavesdropping.

    Your driver's license has your current address on it. Ever wonder why? Did you have your baby foot-printed upon birth?

    I've never seen it done, but I'm quite convinced that the pattern on your screen and the state of your CPU can be monitored in real time, from a quarter mile away.

    Anyone out there care to comment on S.Q.I.D. technology? My understanding is a bit rusty - and as I understand, that's probably a good thing.

    The kicker? There's nothing we can do about any of it.
  • by MenTaLguY ( 5483 ) on Friday September 03, 1999 @01:45AM (#1707475) Homepage

    "What the @#$% do those 3 lines of code do? Hrmmm, oh well, doesn't look like the section I was trying to find anyway . . ."

    One thing you're forgetting -- generally when package maintainers (Linus, for instance) are reviewing a patch for inclusion in the distribution, they won't accept it unless they understand all the code involved.

    If you tried something clever like spreading the changes across several patches, that wouldn't really work either.

    [Judas] Here's my patch to fix the support for the /dev/blah device
    [Maintainer] Hrm. I'll have a look.
    [Maintainer] What's this little bit of code here do? I think you could probably shave a couple hundred instructions off here if you left it out, and it looks completely unnecessary.
    [Judas] There's something screwy with the timing; that was the only way I could get it to work
    [Maintainer] Hrm. That seems like a kind of awkward hack to me -- I'd like a solution I could understand better. I just replaced this with a delay loop -- I don't have the blah hardware myself though ... (to mailing list) Hey, could someone with blah hardware give this a try with my modification and see if it still works?
    [Mailing List] Okay... it seems fine. In fact, one of us tried it without the delay loop, and there weren't any problems.
    [Maintainer] (to Judas) I applied your patch; it seems to work fine without the bit of code though, so I just left that part out.
    [Judas] Curses, foiled again!

    As a modest package maintainer myself, I personally read every patch I get. Even if the patch author isn't malicious, the patch could still potentially fail in a catastrophic way due to a stupid logic error or invalid assumptions.

    One thing that some people don't seem to understand about Open Source is that just because some Joe Schmoe produces some code doesn't mean that it'll end up in the official distribution.

    It might be easy to read the code in the official distribution, and it might be easy to modify the code in your own copy, but it's nontrivial to quietly modify the official distribution. To submit a patch is to submit that patch to a lot of direct public scrutiny.

    Berlin-- []
    what i want to know is, what DOES this mean? do we have the SLIGHTEST idea AT ALL what the "nsakey" symbol does? even if we accept for a second it's a backdoor for the nsa, what does that backdoor do? is it clear from the disassembly? any NT admins here who might know details? i've seen at least three contradictory explanations of what a key in the cryptoAPI means.

    they seem to be saying the debugging stuff was left in in the NT service pack and that you could see the names of the variables used.. well hell, there ought to be all KINDS of interesting stuff in there. beyond the NSAKEY thing,seems like it would be fascinating to just thumb through the variable names and see whatall is there. or was it just the security parts and nothing else that had the debugging? is there really a function called CREATE_RANDOM_GENERAL_PROTECTION_FAULT()? (j/k)

    has anyone yet gone ahead and run their program to hacksaw out NSA_KEY like they suggest you do? does NT still run? does anything break, suggesting maybe NSA stands for something other than National Security Agency? how do we know that cryptonym's program actually _does_ take out NSAKEY, and not just replace NSAKEY with a key to let cryptonym in your system? How do we know "cryptonym" is not just a front for a shadowy organisation working to create a human-alien hybrid so they can have FEMA infect all human life with a strange black substance spread by bees which causes the carrier to decompose, becoming food for alien life forms and setting off the alien colonisation of earth?

    but anyway, whatever this NSAkey thing does, i say we immediately get RCA or RZA or or whatever going on cracking it. :)

    hey.. my mac may crash three times a day, but i have yet to hear about any security holes.
