RE: Microsoft Authenticode key security
Actually, and sort of to the point, no, the keys never actually ever leave the BBN box, except as part of a backup procedure in which they are extracted in a doubly-encrypted form for which for security reasons you need the manufacturer's help in restoring. To this day, no human or computer other than the box itself knows the key.
Bob
-----Original Message-----
From: Toto [SMTP:toto@sk.sympatico.ca]
Sent: Wednesday, March 05, 1997 9:18 AM
To: gbroiles-nospam@netbox.com
Cc: cypherpunks@toad.com; Bob Atkinson (Exchange)
Subject: Re: Microsoft Authenticode key security
Greg Broiles wrote:
From: "Bob Atkinson (Exchange)" <bobatk@EXCHANGE.MICROSOFT.com>
Subject: Comments and corrections regarding Authenticode
For those curious: at the present time, the private keys with which Microsoft signs code that it publishes are managed inside BBN SafeKeyper boxes housed in a guarded steel and concrete bunker. Even were a SafeKeyper to somehow be physically stolen, these cool little boxes have several elaborate internal defenses designed to have the box destroy itself rather than compromise its keys.
Bob fails to mention, however, that, as a backup system, the keys are also written on pieces of masking tape attached to the underside of his keyboard.
--
Toto
http://bureau42.base.org/public/xenix/xenbody.html
"Bob Atkinson (Exchange)" <bobatk@EXCHANGE.MICROSOFT.com> writes:
Actually, and sort of to the point, no, the keys never actually ever leave the BBN box, except as part of a backup procedure in which they are extracted in a doubly-encrypted form for which for security reasons you need the manufacturer's help in restoring.
To this day, no human or computer other than the box itself knows the
But do we necessarily believe what Microsoft people say?
Dimitri "bought OS/2 1.0 from Microsoft" Vulis
---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
In <L0c53D131w165w@bwalk.dm.com>, on 03/05/97 at 07:44 PM, dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM) said:
"Bob Atkinson (Exchange)" <bobatk@EXCHANGE.MICROSOFT.com> writes:
Actually, and sort of to the point, no, the keys never actually ever leave the BBN box, except as part of a backup procedure in which they are extracted in a doubly-encrypted form for which for security reasons you need the manufacturer's help in restoring.
To this day, no human or computer other than the box itself knows the
But do we necessarily believe what Microsoft people say?
Dimitri "bought OS/2 1.0 from Microsoft" Vulis
:)))))) If Bill Gates got on national TV and told the world that the sky was blue I'd have to go outside and look for myself. Not that this is just more M$ bashing, I wouldn't trust N$, IBM, Novell, HP, DEC, SUN or any other "big name" hardware/software company that depends on large government contracts.
--
-----------------------------------------------------------
William H. Geiger III http://www.amaranth.com/~whgiii
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------
Tag-O-Matic: OS/2: Logic, not magic.
Bob Atkinson <bobatk@microsoft.com> writes:
Actually, and sort of to the point, no, the keys never actually ever leave the BBN box, except as part of a backup procedure in which they are extracted in a doubly-encrypted form for which for security reasons you need the manufacturer's help in restoring.
To this day, no human or computer other than the box itself knows the key.
Yeah, but we can always just release a patch for windows which makes it check signatures made by "cypherpunks certification services".
As has been noted in previous discussions of CAPI (on this list), there is room for different competing patched key signature services: sign anything, sign only CAPI modules which don't involve GAK (key escrow), sign modules for which source code has been examined and provide a degree of assurance that the module is secure. Charges could be made for the CAPI rating, to the module provider, and to the users of the rating service even (with non-transferable signatures).
Also, the BBN box might be overkill considering ActiveX -- the key could probably be patched delivered maliciously by the unsuspecting windows user accessing a web page.
Adam
--
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
participants (4)
- Adam Back
- Bob Atkinson (Exchange)
- dlv@bwalk.dm.com
- William H. Geiger III