---

Security Portal: Kurt’s Closet Special: Do you trust your software?

“In Microsoft’s operating system there is a CryptoAPI, that
handles (surprise) a lot of the crypto functions. Now of course
these things change over time, so Microsoft included two public
keys, which can be used to verify digital signatures generated by
two secret keys. One key is the primary, and from Microsoft, the
other one is also officially from Microsoft, but was recently noted
as being named “NSAKEY”. This understandably threw a lot of people
into serious fits of paranoia and other useless activity. The
theory being that the NSA has their own private/public key pair
that they can use to sign cryptographic software, introduce into
your computer, and have you use unknowingly. There are several
flaws with this theory however…”

“This is either a joke from some Microsoft developer(s),
something innocent (Network Security Agent KEY), possibly a ruse
from the NSA to draw attention away from where the real backdoors
are, or least likely in my opinion, an actual NSA backdoor.”

At this point you’ve probably started to wonder what this
has to do with Linux.

Complete
Story