Re: [OT] more from Cryptome on NSA, Windows firewals, mail services

To: or-talk@xxxxxxxxxxxxx

Subject: Re: [OT] more from Cryptome on NSA, Windows firewals, mail services

From: "Ringo Kamens" <2600denver@xxxxxxxxx>

Date: Wed, 2 Jan 2008 21:51:13 -0500

Delivered-to: archiver@xxxxxxxx

Delivered-to: or-talk-outgoing@xxxxxxxx

Delivered-to: or-talk@xxxxxxxx

Delivery-date: Wed, 02 Jan 2008 21:51:22 -0500

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; bh=F4sOud1P/19GG/sqdvaUGkUOEf4B2qS0+td59Gb0tlk=; b=xOuecl5hq+dLfua7F67Va0VQieWhW/uozO3TwTPFOXXJ2EygEiVs7xklqQoPVwvKYjiyHLSsnZyg8/5NtasEAk2EJHJJEj/yXsvBkhokS9tNgt+m3ehxzuZPmpAnrBtPbtqyNdwAav+vaH3YmSGyjs1EphfF8PaDNDJ3Ec+hJUQ=

Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=bmpqa1mxm/G8OUZXEXSuE2KiBGc+2LDlriAsOTe2TNuOwiAVYER+0KlIjT/IrwGugLr0R+BJBaQlPSe1KC3z9iJPdukxvtG1Ae7whCIG/kP9V1C0Okni/94CkXXo4/2CZLHAVAewAc1OISW2JCcfbb/DRwW2tRtw9G/hBbzpNVw=

In-reply-to: <477C4BA8.7050602@xxxxxxxxxx>

References: <200712231620.lBNGKlNU012291@xxxxxxxxxxxxx> <3922422b0712231009h799802a8re8292644de037bda@xxxxxxxxxxxxxx> <20080102204711.GB17169@xxxxxxxxxx> <20080102212434.GD5566@xxxxxxxxxxxxxxxxxx> <3922422b0801021417s51fb4a44y59e55d823588090b@xxxxxxxxxxxxxx> <477C4BA8.7050602@xxxxxxxxxx>

Reply-to: or-talk@xxxxxxxxxxxxx

Sender: owner-or-talk@xxxxxxxxxxxxx

A new vista service pack just "upgraded" to that "backdoored" random number algorithm. Suit yourself in believing Microsoft.
Comade Ringo Kamens

On Jan 2, 2008 9:42 PM, Eugene Y. Vasserman < eyv@xxxxxxxxxx> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Thus spake Ringo Kamens, on 1/2/2008 4:17 PM:
> Also, see http://www.schneier.com/essay-198.html
> And yeah, I was talking about the NSA key.

Personally (and god help me), I believe Microsoft when they say the key
is not a key back door key. If it was, I wonder if they would name it
"NSA". Or is that what they want us to think? :)
The Schneier essay about the random number generator is more
interesting, and worth reading.

Eugene

> Comrade Ringo Kamens
>
> On Jan 2, 2008 4:24 PM, Nick Mathewson < nickm@xxxxxxxxxxxxx
> <mailto:nickm@xxxxxxxxxxxxx>> wrote:
>
> On Wed, Jan 02, 2008 at 02:47:11PM -0600, Eugene Y. Vasserman wrote:
> > Thus spake Ringo Kamens on Sun, 23 Dec 2007:
> >
> > (snip)
> > > Also, we know the NSA and DoJ have engaged in
> > > this type of activity in the past such as "working" with
> Microsoft to
> > > secure vista and having their private key inserted into windows
> > > versions so they could decrypt things.
> >
> > I've heard of the Vista bit, but what are you referring to, as far as
> > having a decryption key for Windows stuff? I know they had one in...
> > What was it? Lotus Notes?
>
> He's probably referring to the "NSAKey" key in NT 4. For more
> information, see
> http://en.wikipedia.org/wiki/Nsakey
>
> It's a secondary code-signing key, allegedy to be used if their
> primary code signing key needed to be revoked.
>
> If you believe Microsoft, the key was called "_NSAKEY" because it was
> introduced in order to meet NSA requirements for a secondary key.
> Naming things after the software or organization that requires them,
> rather than after their actual purpose, is not unusual for Microsoft:
> Their office XML spec is littered with stuff like the notorious
> AutoSpaceLikeWord95.
>
> Personally, I don't believe that contemporary operating systems are so
> secure that the NSA would rather have security holes custom-built for
> it instead of just using the ones that are already there.
>
> peace,
> --
> Nick
>
>

- --
Eugene Y. Vasserman
Ph.D. Candidate, University of Minnesota
http://www.cs.umn.edu/~eyv/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iFcDBQFHfEuob9W6r3tKSVIRCHVjAQC3wB/kJGrFUJLhG6zZ3LM3FE6U9reqV6G+
pMcf2AG0lwEAmBEpgN+k8OWOsM26xIiv8XuneEKqM6scqEaKu9xSsTE=
=J/si
-----END PGP SIGNATURE-----