From: "Peter Trei" <trei@process.com>
Date: Wed, 9 Oct 1996 12:52:50 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Microsoft CAPI
Message-ID: <199610091952.MAA16556@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> Ravi Pandya wrote:
> > ... You can't load an encryption engine into Windows 95 or 
> > Windows NT unless that engine has been specially signed by 
> > Microsoft's corporate key.
> 
> And so what happens when the Microsoft key is compromised?  It might
> be hard to break by purely cryptographic means, but surely there are
> some people at Microsoft who aren't millionaires.

Much easier would be to patch the OS to disable the signature check
by the CryptoAPI. A patching program, once written, would require no
particular skill to run.

Sort of like 'rechipping' a high-end sportscar.



Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com