17 Dec
2003
17 Dec
'03
11:17 p.m.
At 12:02 AM 3/18/96 -0800, you wrote:
If the good guys can find a way to plug an unapproved international strong-crypto module into the CryptoAPI, then the bad guys can find a way plug in a no-crypto virus or trojan horse.
You want to prove: (A) IF you CAN plug in an unapproved module THEN you CAN plug in a trojan/virus. That doesn't mean, however, that: (B) IF you can't plug in an unapproved module THEN you can't plug in a trojan/virus. The subversion mechanisms would just not use the standard API. So what have you really proved if you can prove (A)?
-rich@c2.org http://www.c2.org/hackmsoft/ and other cool stuff