From: Jim McCoy <mccoy@communities.com>
Date: Wed, 9 Oct 1996 13:09:22 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Microsoft CAPI
In-Reply-To: <2.2.32.19961009152246.006be444@netcom8.netcom.com>
Message-ID: <v03007800ae81c43a7a63@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Mike McNally <m5@tivoli.com> writes:
>Ravi Pandya wrote:
>> ... You can't load an encryption engine into Windows 95 or
>> Windows NT unless that engine has been specially signed by
>> Microsoft's corporate key.
>
>And so what happens when the Microsoft key is compromised?  It might
>be hard to break by purely cryptographic means, but surely there are
>some people at Microsoft who aren't millionaires.

But who may want to be, eh?  :)

Actually it is also possible to use a much more overt route and just
patch around anything which is doing the signature checking (possibly
on just a temporary basis if the checks are only made when the engine
is first loaded.)

jim