Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

What are the implications of the NSA key in CryptoAPI on PGP Security?

cryptoapi implications key NSA PGP security
0
Posted

What are the implications of the NSA key in CryptoAPI on PGP Security?

0 CommentsAdd a Comment

1 Answer

0

CryptoAPI is present in all modern version of Windows, including NTv4, Windows 2000, Windows 95 & Windows 98 and offers cryptographic primitives for use in high level applications (such as the SSL implementation in Internet Explorer and the S/MIME implementation in Outlook). Recently it has been disclosed that CryptoAPI (Microsoft’s Cryptographic API) has a “secret” key that enables the holder of the key to sign CryptoAPI modules (these modules are known as CSPs, or Cryptographic Service Providers) – these modules can then be silently installed onto a users machine. The real big news is that this key is call _NSAKEY internally by windows. This has led to speculation that this key is really a NSA owned key that allows them to remotely install weakened crypto onto users machines etc. The _NSAKEY variable name was only discovered by accident – MS forgot to strip the symbolic debugging information from NT v4 SP5 which allowed A.Fernandes of Cryptonym to detect the name of the variable and

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.

Experts123