Microsoft Authenticode key security

Bob Atkinson (Exchange) bobatk at EXCHANGE.MICROSOFT.com
Wed Mar 5 09:36:26 PST 1997


Actually, and sort of to the point, no, the keys never actually ever leave the
BBN box, except as part of a backup procedure in which they are
extracted in a doubly-encrypted form for which for security reasons you
need the manufacturer's help in restoring.

To this day, no human or computer other than the box itself knows the
key.

	Bob

> -----Original Message-----
> From:	Toto [SMTP:toto at sk.sympatico.ca]
> Sent:	Wednesday, March 05, 1997 9:18 AM
> To:	gbroiles-nospam at netbox.com
> Cc:	cypherpunks at toad.com; Bob Atkinson (Exchange)
> Subject:	Re: Microsoft Authenticode key security
> 
> Greg Broiles wrote:
> > >From: "Bob Atkinson (Exchange)" <bobatk at EXCHANGE.MICROSOFT.com>
> > >Subject: Comments and corrections regarding Authenticode
> > >
> > >For those curious: at the present time, the private keys with which
> > >Microsoft signs code that it publishes are managed inside BBN SafeKeyper
> > >boxes housed in a guarded steel and concrete bunker. Even were a SafeKeyper
> > >to somehow be physically stolen, these cool little boxes have several
> > >elaborate internal defenses designed to have the box destroy itself rather
> > >than compromise its keys.
> 
>   Bob fails to mention, however, that, as a backup system, the keys are
> also written on pieces of masking tape attached to the underside of
> his keyboard.
> -- 
> Toto
> http://bureau42.base.org/public/xenix/xenbody.html





