From: “William H. Geiger III” <whgiii@invweb.net>
To: Steve Schear <schear@lvdi.net>
Message Hash: 5a19b4319dcb9c96681d81069eb698275407e19f3c319908594ab32d35524287
Message ID: <199801220050.TAA25337@users.invweb.net>
Reply To: <v03102800b0eab79afcbc@[208.129.55.202]>
UTC Datetime: 1998-01-22 00:40:23 UTC
Raw Date: Thu, 22 Jan 1998 08:40:23 +0800
From: "William H. Geiger III" <whgiii@invweb.net>
Date: Thu, 22 Jan 1998 08:40:23 +0800
To: Steve Schear <schear@lvdi.net>
Subject: Re: [Long] How to recover private keys for various Microsoft products
In-Reply-To: <v03102800b0eab79afcbc@[208.129.55.202]>
Message-ID: <199801220050.TAA25337@users.invweb.net>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
In <v03102800b0eab79afcbc@[208.129.55.202]>, on 01/20/98
at 12:43 PM, Steve Schear <schear@lvdi.net> said:
>At 4:29 AM +0000 1/21/98, Peter Gutmann wrote:
>> How to recover private keys for Microsoft Internet Explorer, Internet
>> Information Server, Outlook Express, and many others
>> - or -
>> Where do your encryption keys want to go today?
>>
>> Peter Gutmann, <pgut001@cs.auckland.ac.nz>
>>
>>Summary
>>-------
>>
>>Microsoft uses two different file formats to protect users private keys, the
>>original (unnamed) format which was used in older versions of MSIE, IIS, and
>>other software and which is still supported for backwards-compatibility reasons
>>in newer versions, and the newer PFX/PKCS #12 format. Due to a number of
>>design and implementation flaws in Microsofts software, it is possible to break
>>the security of both of these formats and recover users private keys, often in
>>a matter of seconds. In addition, a major security hole in Microsofts
>>CryptoAPI means that many keys can be recovered without even needing to break
>>the encryption. These attacks do not rely for their success on the presence of
>>weak, US-exportable encryption, they also affect US versions.
>>
>>As a result of these flaws, no Microsoft internet product is capable of
>>protecting a users keys from hostile attack. By combining the attacks
>>described below with widely-publicised bugs in MSIE which allow hostile sites
>>to read the contents of users hard drives or with an ActiveX control, a victim
>>can have their private key sucked off their machine and the encryption which
>>"protects" it broken at a remote site without their knowledge.
>>
>Seems a good way to teach M$ a security lesson is to use Peter's code to
>snatch M$' ant significant keys on their corporate servers and publish.
>Of course, they're probably too smart to leave important data just lying
>around on unsecure '95/NT servers and instead use Linux ;-)
More than likely they have them tucked away on one of the AS/400's they
are running at Redmond. :)
- --
- ---------------------------------------------------------------
William H. Geiger III http://users.invweb.net/~whgiii
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html
- ---------------------------------------------------------------
Tag-O-Matic: Dos: Venerable. Windows: Vulnerable. OS/2: Viable.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a-sha1
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000
iQCVAwUBNMaGDI9Co1n+aLhhAQHicwP+NNIDJcNmdJjW294Pr6BEMvuOHmpcm8yk
AijqKWmSerz/D/VDD1zh7FwRNhkMD9qEkEXO4molAIsomo49NgBs8MhEIBSW7FhC
yj2lEZ5/xNGy+SVOoEpWywQD+KpU3FZftHIBUcQE0o7Wc+0AnjHfcUUDgjDkumCF
98Qe8bFqQyg=
=Z4ph
-----END PGP SIGNATURE-----
Return to January 1998
Return to ““William H. Geiger III” <whgiii@invweb.net>”