1997-03-05 - Microsoft Authenticode key security

Header Data

From: gbroiles-nospam@netbox.com (Greg Broiles)
To: cypherpunks@toad.com
Message Hash: 9a722069f578ce2b1707310955510a29bbc9ab6cf7e453077ba74b794a948996
Message ID: <331e62b2.3884779@library.airnews.net>
Reply To: N/A
UTC Datetime: 1997-03-05 13:51:21 UTC
Raw Date: Wed, 5 Mar 1997 05:51:21 -0800 (PST)

Raw message

From: gbroiles-nospam@netbox.com (Greg Broiles)
Date: Wed, 5 Mar 1997 05:51:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: Microsoft Authenticode key security
Message-ID: <331e62b2.3884779@library.airnews.net>
MIME-Version: 1.0
Content-Type: text/plain

Recent discussion on the cypherpunks list(s) talked about the
feasibility of subverting Microsoft's security model by stealing their
private key(s). The following snippet (originally sent to RISKS
digest) might be of interest:

>Date: Mon, 3 Mar 1997 19:23:15 -0800
>From: "Bob Atkinson (Exchange)" <bobatk@EXCHANGE.MICROSOFT.com>
>Subject: Comments and corrections regarding Authenticode
>As the architect and primary implementor of the Authenticode code-signing
>technology (boy, that'll get me mail :-) found in Internet Explorer 3 and in
>Windows NT 4, I think my perhaps somewhat lengthy and clearly very biased
>perspective on some recent articles might be of interest to others.
>Bob Atkinson
>For those curious: at the present time, the private keys with which
>Microsoft signs code that it publishes are managed inside BBN SafeKeyper
>boxes housed in a guarded steel and concrete bunker. Even were a SafeKeyper
>to somehow be physically stolen, these cool little boxes have several
>elaborate internal defenses designed to have the box destroy itself rather
>than compromise its keys. As I understand things, a military variation on
>the SafeKeyper technology is used as an integral part of launch control of
>nuclear missiles on submarines in the US Navy.

Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles@netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.