<span>A new vista service pack just "upgraded" to that "backdoored" random number algorithm. Suit yourself in believing Microsoft.<br>Comade Ringo Kamens<br></span><br><div class="gmail_quote">On Jan 2, 2008 9:42 PM, Eugene Y. Vasserman <
<a href="mailto:eyv@cs.umn.edu">eyv@cs.umn.edu</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d">-----BEGIN PGP SIGNED MESSAGE-----
<br>Hash: SHA256<br><br></div>Thus spake Ringo Kamens, on 1/2/2008 4:17 PM:<br><div class="Ih2E3d">> Also, see <a href="http://www.schneier.com/essay-198.html" target="_blank">http://www.schneier.com/essay-198.html</a>
<br>> And yeah, I was talking about the NSA key.<br><br></div>Personally (and god help me), I believe Microsoft when they say the key<br>is not a key back door key. If it was, I wonder if they would name it<br>"NSA". Or is that what they want us to think? :)
<br>The Schneier essay about the random number generator is more<br>interesting, and worth reading.<br><br>Eugene<br><div class="Ih2E3d"><br>> Comrade Ringo Kamens<br>><br>> On Jan 2, 2008 4:24 PM, Nick Mathewson <
<a href="mailto:nickm@freehaven.net">nickm@freehaven.net</a><br></div><div><div></div><div class="Wj3C7c">> <mailto:<a href="mailto:nickm@freehaven.net">nickm@freehaven.net</a>>> wrote:<br>><br>> On Wed, Jan 02, 2008 at 02:47:11PM -0600, Eugene Y. Vasserman wrote:
<br>> > Thus spake Ringo Kamens on Sun, 23 Dec 2007:<br>> ><br>> > (snip)<br>> > > Also, we know the NSA and DoJ have engaged in<br>> > > this type of activity in the past such as "working" with
<br>> Microsoft to<br>> > > secure vista and having their private key inserted into windows<br>> > > versions so they could decrypt things.<br>> ><br>> > I've heard of the Vista bit, but what are you referring to, as far as
<br>> > having a decryption key for Windows stuff? I know they had one in...<br>> > What was it? Lotus Notes?<br>><br>> He's probably referring to the "NSAKey" key in NT 4. For more
<br>> information, see<br>> <a href="http://en.wikipedia.org/wiki/Nsakey" target="_blank">http://en.wikipedia.org/wiki/Nsakey</a><br>><br>> It's a secondary code-signing key, allegedy to be used if their
<br>> primary code signing key needed to be revoked.<br>><br>> If you believe Microsoft, the key was called "_NSAKEY" because it was<br>> introduced in order to meet NSA requirements for a secondary key.
<br>> Naming things after the software or organization that requires them,<br>> rather than after their actual purpose, is not unusual for Microsoft:<br>> Their office XML spec is littered with stuff like the notorious
<br>> AutoSpaceLikeWord95.<br>><br>> Personally, I don't believe that contemporary operating systems are so<br>> secure that the NSA would rather have security holes custom-built for<br>> it instead of just using the ones that are already there.
<br>><br>> peace,<br>> --<br>> Nick<br>><br>><br><br></div></div>- --<br><div class="Ih2E3d">Eugene Y. Vasserman<br>Ph.D. Candidate, University of Minnesota<br><a href="http://www.cs.umn.edu/%7Eeyv/" target="_blank">
http://www.cs.umn.edu/~eyv/</a><br></div>-----BEGIN PGP SIGNATURE-----<br>Version: GnuPG v1.4.7 (MingW32)<br><div class="Ih2E3d">Comment: Using GnuPG with Mozilla - <a href="http://enigmail.mozdev.org" target="_blank">http://enigmail.mozdev.org
</a><br><br></div>iFcDBQFHfEuob9W6r3tKSVIRCHVjAQC3wB/kJGrFUJLhG6zZ3LM3FE6U9reqV6G+<br>pMcf2AG0lwEAmBEpgN+k8OWOsM26xIiv8XuneEKqM6scqEaKu9xSsTE=<br>=J/si<br>-----END PGP SIGNATURE-----<br></blockquote></div><br>