Cryptonym’s press release, plus full technical details, plus
a program to download to replace the “NSA” key on WinNT and
Win2k.
“Between Hotmail hacks and browser bugs, Microsoft has a dismal
track record in computer security. Most of us accept these minor
security flaws and go on with life. But how is an IT manager to
feel when they learn that in every copy of Windows sold, Microsoft
may have installed a ‘back door’ for the National Security Agency
(NSA – the USA’s spy agency) making it orders of magnitude easier
for the US government to access their computers?
While investigating the security subsystems of WindowsNT4,
Cryptonym’s Chief Scientist Andrew Fernandes discovered exactly
that – a back door for the NSA in every copy of Win95/98/NT4 and
Windows2000. Building on the work of Nicko van Someren (NCipher),
and Adi Shamir (the ‘S’ in ‘RSA’), Andrew was investigating
Microsoft’s ‘CryptoAPI’ architecture for security flaws. Since the
CryptoAPI is the fundamental building block of cryptographic
security in Windows, any flaw in it would open Windows to
electronic attack.”
“There is good news among the bad, however. It turns out that
there is a flaw in the way the ‘crypto_verify’ function is
implemented. Because of the way the crypto verification occurs,
users can easily eliminate or replace the NSA key from the
operating system without modifying any of Microsoft’s original
components. Since the NSA key is easily replaced, it means that
non-US companies are free to install ‘strong’ crypto services into
Windows, without Microsoft’s or the NSA’s approval. Thus the NSA
has effectively removed export control of ‘strong’ crypto from
Windows.”