Cryptomym.com: Microsoft, the NSA, and You | Linux Today

Cryptomym.com: Microsoft, the NSA, and You

Written By
Web Webster
Web Webster
Sep 8, 1999

Cryptonym’s press release, plus full technical details, plus
a program to download to replace the “NSA” key on WinNT and
Win2k.

“Between Hotmail hacks and browser bugs, Microsoft has a dismal
track record in computer security. Most of us accept these minor
security flaws and go on with life. But how is an IT manager to
feel when they learn that in every copy of Windows sold, Microsoft
may have installed a ‘back door’ for the National Security Agency
(NSA – the USA’s spy agency) making it orders of magnitude easier
for the US government to access their computers?

While investigating the security subsystems of WindowsNT4,
Cryptonym’s Chief Scientist Andrew Fernandes discovered exactly
that – a back door for the NSA in every copy of Win95/98/NT4 and
Windows2000. Building on the work of Nicko van Someren (NCipher),
and Adi Shamir (the ‘S’ in ‘RSA’), Andrew was investigating
Microsoft’s ‘CryptoAPI’ architecture for security flaws. Since the
CryptoAPI is the fundamental building block of cryptographic
security in Windows, any flaw in it would open Windows to
electronic attack.”

“There is good news among the bad, however. It turns out that
there is a flaw in the way the ‘crypto_verify’ function is
implemented. Because of the way the crypto verification occurs,
users can easily eliminate or replace the NSA key from the
operating system without modifying any of Microsoft’s original
components. Since the NSA key is easily replaced, it means that
non-US companies are free to install ‘strong’ crypto services into
Windows, without Microsoft’s or the NSA’s approval. Thus the NSA
has effectively removed export control of ‘strong’ crypto from
Windows.”

Complete
Story

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.