Page 4 of 4 FirstFirst ... 234
Results 31 to 32 of 32

Thread: NSA access was built into Windows ?

  1. February 28th, 2002, 01:09 PM #31
    valhallen
    valhallen is offline
    Banned
    Join Date
    Sep 2001
    Posts
    3,444
    /me quickly highlights 'c:\windows\desktop\nukes\how to' and batters del button >_<;

    v_Ln
    Reply With Quote Reply With Quote
  2. March 8th, 2002, 06:35 AM #32
    The Old Man
    The Old Man is offline
    Senior Member The Old Man's Avatar
    Join Date
    Aug 2001
    Posts
    364

    Question Re: NSA access was built into Windows ?

    Originally posted here by sumdumguy
    this is old news.. considering the date it was written.. still, searching AO, I found no reference to it .. what do you folks know about it.. is it for real ? (a careless mistake, yeah right)
    Dr van Someren feels that the primary purpose of the NSA key inside Windows may be for legitimate US government use. But he says that there cannot be a legitimate explanation for the third key in Windows 2000 CAPI. "It looks more fishy", he said.
    Fernandez believes that NSA's built-in loophole can be turned round against the snoopers. The NSA key inside CAPI can be replaced by your own key, and used to sign cryptographic security modules from overseas or unauthorised third parties, unapproved by Microsoft or the NSA. This is exactly what the US government has been trying to prevent. A demonstration "how to do it" program that replaces the NSA key can be found on Cryptonym's website. "
    *****************************
    OK, I've been trying to find "Cryptonym" in any form, and all I get is white screen saying "This page was left intentionally blank"... Which tells me it was shut down sometime after the article that references the URL and conferences mentioned. Some references say Cryptonym is a Canadian company, however others say the good dr. was from NC.... Also, if NSA simply wanted advapi.dll to allow the agency to load/use 256bit encryption, they would have just replaced that file for themselves when they got their copies of whatever OS. Alternately, they could have used *nix for their OS and not bothered with MS and the cost. Therefore, at least the third key, and probably the second key also, within the file deserves suspicion.

    SO, to quote one of the articles: "Cryptonym's statement maintained that there is a flaw in the way the cryptography verification occurs, which means that users can eliminate or replace the NSA key without modifying Microsoft's original components. A program demonstrating this can be found on Cryptonym's website."

    BUT, did anyone manage to get a copy of the replacement (advapi.dll or whatever version the particular OS uses) file before Cryptonym was shut down?
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules