[Long] How to recover private keys for various Microsoft products
How to recover private keys for Microsoft Internet Explorer, Internet
Information Server, Outlook Express, and many others
- or -
Where do your encryption keys want to go today?
Peter Gutmann,
In <88531016604880@cs26.cs.auckland.ac.nz>, on 01/21/98 at 04:29 AM, pgut001@cs.auckland.ac.nz (Peter Gutmann) said:

> Summary
> -------
>
> Microsoft uses two different file formats to protect users' private keys, the original (unnamed) format which was used in older versions of MSIE, IIS, and other software and which is still supported for backwards-compatibility reasons in newer versions, and the newer PFX/PKCS #12 format. Due to a number of design and implementation flaws in Microsoft's software, it is possible to break the security of both of these formats and recover users' private keys, often in a matter of seconds. In addition, a major security hole in Microsoft's CryptoAPI means that many keys can be recovered without even needing to break the encryption. These attacks do not rely for their success on the presence of weak, US-exportable encryption, they also affect US versions.

This is a battle I have been fighting for years now. Do not TRUST Microsoft for security. Plain and simple. They have shown for years now that they are incapable or unwilling to spend the time, money, and effort to produce secure products (Remember the MS claims of NT being C2 rated? LOL!!!).

I have spent quite a bit of effort trying to educate ISVs not to use the MS crypto API for a variety of reasons. Unfortunately, for the most part it falls on deaf ears. Most ISVs are unwilling to accept the fact that security as an afterthought does not work. Combine this with a public that does not care about security but is willing to accept the warm fuzzies from pseudo-security and you get bug-filled crap like the MS CryptoAPI accepted throughout the market place.

I have come to the point now that I will not use any commercial security software nor will I recommend it to any of my clients. If it is not burdened with GAK, as with software from IBM and Lotus, it is flawed by sheer incompetence as with software from Microsoft and Netscape.

--
---------------------------------------------------------------
William H. Geiger III http://users.invweb.net/~whgiii
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html
---------------------------------------------------------------
Tag-O-Matic: You're throwing it all out the Windows!
On 20 Jan 1998 23:19:36 -0600, pgut001@cs.auckland.ac.nz (Peter Gutmann) wrote:

> How to recover private keys for Microsoft Internet Explorer, Internet Information Server, Outlook Express, and many others
> - or -
> Where do your encryption keys want to go today?
> Peter Gutmann,

As if there wasn't enough incentive to steal private keys, here's a little ditty from news.com (Where do your stocks want to go today?):

MS pushes NT for securities
By Tim Clark
January 20, 1998, 5:25 p.m. PT

update Pushing into Sun Microsystems' (SUNW) territory, Microsoft (MSFT) said today it will expand its Windows DNA for Financial Services framework (DNA-FS) beyond banking and into the securities industry.

Microsoft's goal: to sell its Windows NT Server software as a platform to automate all the paperwork involved in buying and selling securities, a market which Sun has dominated. The company also hopes to gain from the consolidation trend among banks, stock brokerages, and insurance companies.

"Sun is the competitor in this market," Microsoft's Matt Conners, worldwide securities industry manager, said.

In a related announcement, Tibco, owned by Reuters, will port its financial messaging middleware to the Windows NT Server platform. Hewlett-Packard will support deployments of Tibco's system with the consulting and PC servers.

The announcements, part of Microsoft's effort to move its technologies into vertical industries that Unix has dominated, came in Bill Gates's address by satellite today at a financial services conference in London.

DNA stands for Distributed interNet Applications for Financial Services (DNA-FS), a software framework that allows software components to connect to mainframes, WebTV systems, and other computers.

Gates also today reiterated Microsoft's plans to ship a second beta test version of its Windows NT 5.0 operating system by mid-year, followed by the final version within six to nine months afterwards.

"We're doing very well on the desktop--we've replaced a lot of Unix workstations," Conners said, estimating that in the retail brokerage segment, more than a quarter of desktops run NT Server. Those figures are boosted by Merrill Lynch and Smith Barney using NT in their retail operations. "It's probably less on trading floors."

Far less, says Rob Hall, vice president in Sun's unit that sells to the securities industry.

"The trading floor is still predominantly Sun, and we see our Darwin entry-level workstation, and especially our thin client technology and products offering us a chance to grow that market share," said Hall.

Sun's competing architecture for securities firms is called Sun Connect, which was demonstrated last June at the Security Industries Association trade show. Microsoft hopes to demonstrate its DNA-FS architecture at this year's SIA show.

Hall said Sun Connect embraces Java-based network computers (NCs), not just Windows desktop machines. Wall Street has strongly endorsed Java, according to recent surveys, and Hall called Microsoft's failure to address Java in DNA-FS "a glaring omission."

Like Microsoft's DNA-FS, Sun Connect also targets the convergence in financial services--banks, insurers, and brokerages getting into one another's businesses, often through mergers or acquisitions.

Microsoft's immediate goal is to create NT-based solutions to the so-called Straight-Through Processing (STP) problem. Stock trades must wend through multiple computer systems at different companies, a system that is not fully automated.

Microsoft hopes its partners, such as Tibco, will build NT software to streamline transactions by passing digital information from one computer system to another and by minimizing paperwork.

The underlying technology in Microsoft's effort is Component Object Management or COM, which puts information into digital wrappers that can be passed from computer to computer, including mainframes and Unix machines.

Sun's Hall faulted Microsoft's initiative for relying on its COM architecture, used in Windows but not endorsed by an industry standards group such as Open Group, which backs CORBA for similar purposes.

Today's announcement expands DNA-FS, which was announced last month for banking, to the broader securities market. A similar effort in the insurance industry, called OLifE, also will be grouped under the broader DNA-FS framework.

"The goal of DNA FS is not to facilitate convergence of industries at all; but it's clear those industries will converge," Conners said. "DNA FS will be a technical solution for when those industries converge to be able to plug in software."

Tibco's involvement is key because it has 400 customers and about half the market for trading floor software. The port to NT Server will take less than a year, Conners said.

Several software vendors backing Windows DNA-FS for securities include Advent Software, Comprehensive Software Systems, Dow Jones Markets, and Financial Technology International.

Microsoft and partners hope to reduce the costs of processing transactions by building on established standards in the financial services industry.

Reuters contributed to this report
At 4:29 AM +0000 1/21/98, Peter Gutmann wrote:

> How to recover private keys for Microsoft Internet Explorer, Internet Information Server, Outlook Express, and many others
> - or -
> Where do your encryption keys want to go today?
> Peter Gutmann,
>
> Summary
> -------
>
> Microsoft uses two different file formats to protect users' private keys, the original (unnamed) format which was used in older versions of MSIE, IIS, and other software and which is still supported for backwards-compatibility reasons in newer versions, and the newer PFX/PKCS #12 format. Due to a number of design and implementation flaws in Microsoft's software, it is possible to break the security of both of these formats and recover users' private keys, often in a matter of seconds. In addition, a major security hole in Microsoft's CryptoAPI means that many keys can be recovered without even needing to break the encryption. These attacks do not rely for their success on the presence of weak, US-exportable encryption, they also affect US versions.
>
> As a result of these flaws, no Microsoft internet product is capable of protecting a user's keys from hostile attack. By combining the attacks described below with widely-publicised bugs in MSIE which allow hostile sites to read the contents of users' hard drives or with an ActiveX control, a victim can have their private key sucked off their machine and the encryption which "protects" it broken at a remote site without their knowledge.

Seems a good way to teach M$ a security lesson is to use Peter's code to snatch M$' any significant keys on their corporate servers and publish. Of course, they're probably too smart to leave important data just lying around on unsecure '95/NT servers and instead use Linux ;-)

--Steve
In

> At 4:29 AM +0000 1/21/98, Peter Gutmann wrote:
>
> > How to recover private keys for Microsoft Internet Explorer, Internet Information Server, Outlook Express, and many others
> > - or -
> > Where do your encryption keys want to go today?
> > Peter Gutmann,
> >
> > Summary
> > -------
> >
> > Microsoft uses two different file formats to protect users' private keys, the original (unnamed) format which was used in older versions of MSIE, IIS, and other software and which is still supported for backwards-compatibility reasons in newer versions, and the newer PFX/PKCS #12 format. Due to a number of design and implementation flaws in Microsoft's software, it is possible to break the security of both of these formats and recover users' private keys, often in a matter of seconds. In addition, a major security hole in Microsoft's CryptoAPI means that many keys can be recovered without even needing to break the encryption. These attacks do not rely for their success on the presence of weak, US-exportable encryption, they also affect US versions.
> >
> > As a result of these flaws, no Microsoft internet product is capable of protecting a user's keys from hostile attack. By combining the attacks described below with widely-publicised bugs in MSIE which allow hostile sites to read the contents of users' hard drives or with an ActiveX control, a victim can have their private key sucked off their machine and the encryption which "protects" it broken at a remote site without their knowledge.
>
> Seems a good way to teach M$ a security lesson is to use Peter's code to snatch M$' any significant keys on their corporate servers and publish. Of course, they're probably too smart to leave important data just lying around on unsecure '95/NT servers and instead use Linux ;-)

More than likely they have them tucked away on one of the AS/400's they are running at Redmond. :)

--
---------------------------------------------------------------
William H. Geiger III http://users.invweb.net/~whgiii
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html
---------------------------------------------------------------
Tag-O-Matic: Dos: Venerable. Windows: Vulnerable. OS/2: Viable.
At 04:29 AM 1/21/98, Peter Gutmann wrote:
> How to recover private keys for Microsoft Internet Explorer, Internet Information Server, Outlook Express, and many others
> - or -
> Where do your encryption keys want to go today?
> Peter Gutmann,
Has anyone done a real world implementation of this exploit? Mr. Gutmann's mscrack.c seems to compile fine, but fails self tests on internal rc2 or sha-1. Just me? Anyone?
participants (5)
- Black Unicorn
- pgut001@cs.auckland.ac.nz
- phelix@vallnet.com
- Steve Schear
- William H. Geiger III