Linux Today: Linux News On Internet Time.

Security Portal: Kurt's Closet Special: Do you trust your software?

Sep 09, 1999, 03:30 (8 Talkback[s])
(Other stories by Kurt Seifried)

"In Microsoft's operating system there is a CryptoAPI, that handles (surprise) a lot of the crypto functions. Now of course these things change over time, so Microsoft included two public keys, which can be used to verify digital signatures generated by two secret keys. One key is the primary, and from Microsoft, the other one is also officially from Microsoft, but was recently noted as being named "NSAKEY". This understandably threw a lot of people into serious fits of paranoia and other useless activity. The theory being that the NSA has their own private/public key pair that they can use to sign cryptographic software, introduce into your computer, and have you use unknowingly. There are several flaws with this theory however..."

"This is either a joke from some Microsoft developer(s), something innocent (Network Security Agent KEY), possibly a ruse from the NSA to draw attention away from where the real backdoors are, or least likely in my opinion, an actual NSA backdoor."

"At this point you've probably started to wonder what this has to do with Linux."

Complete Story

Related Stories: