[OT] more from Cryptome on NSA, Windows firewals, mail services

Ringo Kamens 2600denver at gmail.com
Thu Jan 3 02:51:13 UTC 2008 

A new vista service pack just "upgraded" to that "backdoored" random number
algorithm. Suit yourself in believing Microsoft.
Comade Ringo Kamens

On Jan 2, 2008 9:42 PM, Eugene Y. Vasserman <eyv at cs.umn.edu> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Thus spake Ringo Kamens, on 1/2/2008 4:17 PM:
> > Also, see http://www.schneier.com/essay-198.html
> > And yeah, I was talking about the NSA key.
>
> Personally (and god help me), I believe Microsoft when they say the key
> is not a key back door key. If it was, I wonder if they would name it
> "NSA". Or is that what they want us to think? :)
> The Schneier essay about the random number generator is more
> interesting, and worth reading.
>
> Eugene
>
> > Comrade Ringo Kamens
> >
> > On Jan 2, 2008 4:24 PM, Nick Mathewson < nickm at freehaven.net
> > <mailto:nickm at freehaven.net>> wrote:
> >
> >     On Wed, Jan 02, 2008 at 02:47:11PM -0600, Eugene Y. Vasserman wrote:
> >     > Thus spake Ringo Kamens on Sun, 23 Dec 2007:
> >     >
> >     > (snip)
> >     > >    Also, we know the NSA and DoJ have engaged in
> >     > >    this type of activity in the past such as "working" with
> >     Microsoft to
> >     > >    secure vista and having their private key inserted into
> windows
> >     > >    versions so they could decrypt things.
> >     >
> >     > I've heard of the Vista bit, but what are you referring to, as far
> as
> >     > having a decryption key for Windows stuff? I know they had one
> in...
> >     > What was it? Lotus Notes?
> >
> >     He's probably referring to the "NSAKey" key in NT 4.  For more
> >     information, see
> >       http://en.wikipedia.org/wiki/Nsakey
> >
> >     It's a secondary code-signing key, allegedy to be used if their
> >     primary code signing key needed to be revoked.
> >
> >     If you believe Microsoft, the key was called "_NSAKEY" because it
> was
> >     introduced in order to meet NSA requirements for a secondary key.
> >     Naming things after the software or organization that requires them,
> >     rather than after their actual purpose, is not unusual for
> Microsoft:
> >     Their office XML spec is littered with stuff like the notorious
> >     AutoSpaceLikeWord95.
> >
> >     Personally, I don't believe that contemporary operating systems are
> so
> >     secure that the NSA would rather have security holes custom-built
> for
> >     it instead of just using the ones that are already there.
> >
> >     peace,
> >     --
> >     Nick
> >
> >
>
> - --
> Eugene Y. Vasserman
> Ph.D. Candidate, University of Minnesota
> http://www.cs.umn.edu/~eyv/ <http://www.cs.umn.edu/%7Eeyv/>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iFcDBQFHfEuob9W6r3tKSVIRCHVjAQC3wB/kJGrFUJLhG6zZ3LM3FE6U9reqV6G+
> pMcf2AG0lwEAmBEpgN+k8OWOsM26xIiv8XuneEKqM6scqEaKu9xSsTE=
> =J/si
> -----END PGP SIGNATURE-----
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20080102/d1c6bb28/attachment.htm>

More information about the tor-talk mailing list