1996-01-17 - Re: Microsoft’s CAPI

Header Data

From: scox@factset.com (Sean Cox)
To: mab@research.att.com (Matt Blaze)
Message Hash: e57ce8cab8209ab9256b0af5d700250cb180ad45037f3a8d858009c2738b32ae
Message ID: <9601171731.AA03797@sundog.factset.com.factset.com>
Reply To: <199601171502.KAA16060@nsa.tempo.att.com>
UTC Datetime: 1996-01-17 18:06:44 UTC
Raw Date: Thu, 18 Jan 1996 02:06:44 +0800

Raw message

From: scox@factset.com (Sean Cox)
Date: Thu, 18 Jan 1996 02:06:44 +0800
To: mab@research.att.com (Matt Blaze)
Subject: Re: Microsoft's CAPI
In-Reply-To: <199601171502.KAA16060@nsa.tempo.att.com>
Message-ID: <9601171731.AA03797@sundog.factset.com.factset.com>
MIME-Version: 1.0
Content-Type: text


According to Matt Blaze:

[[ Prelude about MS Cryptography API deleted ]]

>Despite all this, I think it will be easy to get around the CSP
>signature requirements and use homebrew, unsigned crypto even with
>pre-compiled .exe files from other sources.  I suspect it will be easy
>to write a program, for example, that takes an executable program
>and converts CryptoAPI calls to calls that look like just another DLL.
>And I'm sure someone will write a program to patch the NT/Windows
>kernel to ignore the signature check.  Needless to say, it would be
>nice if someone outside the US were to write and distribute programs
>to do this.  It would also be nice if someone would write a Unix/Linux
>version of the API/CSP mechanism.  It might make it possible to export
>applications for those platforms as well.

	Did MS mention how the crypto DLLs would be "protected" from 
surreptitious tampering?  What I'm wondering is if it will be possible
to "drop in" a new (signed) crypto.dll (that just happens to
forward cleartext to the DLL author, or perhaps uses intentionally 
deficient (or just fixed) keys) when installing, for example, the latest
game craze distributed on the Internet?
	It would seem to be fairly sketchy (and dangerous) to allow drop-in
crypto engines if those can be replaced with *ANY* other crypto engine at
any time (note for the paranoid: Imagine "NSA the Game" for Windows(TM) with
the new "Send the Feds a copy" encryption DLL--that last part in fine print
of course :)
	I am hoping that they do have some form of protection against this
that hasn't been mentioned yet, but this kind of jumps out at me when I
think of drop-in DLLs (anyone ever see how well the WINSOCK.DLL scheme
works? God Forbid that an encryption scheme be subject to the same problems!)

	--Sean

#include <std_disclaimer.h>




