From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 18 Mar 1996 16:30:19 +0800
To: cypherpunks@toad.com
Subject: Re: M$ CryptoAPI Question
In-Reply-To: <199603180605.WAA22290@dns1.noc.best.net>
Message-ID: <Pine.ULT.3.91.960317235407.4724F-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 17 Mar 1996 jamesd@echeque.com wrote:

> At 06:27 PM 3/17/96 EST, Dr. Dimitri Vulis wrote:
> > I wonder if it's worth it to crack their approval mechanism so we can
> > add our own crypto subsystems without asking Microsoft's approval.
[...]
> Wait until Microsoft makes some oppressive decisions, 
> or is compelled to make some oppressive decisions.]
> 
> I do not expect that any cracking will be needed.  Microsoft 
> will approve a freeware module for use in America, and then, 
> alas alas, someone will leak it.

If the only goal is to allow international strong crypto using the
CryptoAPI, then I agree with the above. However, exploring the CryptoAPI
internals now, while there is still a possibility that they can be
changed, is a productive undertaking to the extent that it exposes holes. 

If the good guys can find a way to plug an unapproved international
strong-crypto module into the CryptoAPI, then the bad guys can find a way
plug in a no-crypto virus or trojan horse. 

-rich@c2.org
 http://www.c2.org/hackmsoft/ and other cool stuff