woodman | 7 years ago

It was a debugging symbol that a Microsoft developer either negligently or heroically included in a public release... so that explains away the "nobody would be so stupid" argument. You are aware of how the Intel ME killswitch was located, right? A commented XML file included with the flashing software helpfully informed anybody willing to look that a field was related to the NSA's High Assurance Platform program. This was after ten years of security researchers pointing at the fact that this was a backdoor. For whatever reason, both Intel and the NSA were happy to let the public remain needlessly vulnerable all that time... But yeah, I'm just like one of those water fluoridation loons. The NSA wasn't at all ham-fisted in the intentional weakening of elliptic curves and blatant RSA bribery; this isn't an obvious pattern emerging.

ryanlol|7 years ago

NSAKEY people have had over two decades to produce any evidence in support of their weird conspiracy theory, but strangely enough they’ve utterly failed to do so.

woodman|7 years ago

The demand for evidence in the wake of all the NSA leaks is laughable.[0] What does evidence of the NSAKEY being a backdoor look like to you, a provably malicious CSA shim, signed by the key, hand delivered by James Clapper?

I'll tell you what it looks like to me:

After the debug symbol is found, Microsoft gives a seemingly very stupid explanation for it[1]: "It is a backup key. Yeah, uhhhh... during the export control review - the NSA said that we had to have a backup key, so we named it after them..." After being challenged on the plausibility of their backup scheme they refuse to provide any further explanation.

Here is the funny part: Microsoft might be technically telling the truth about it being a "backup". Consider what else was going on around this period: ridiculous export controls on key length, the Clipper chip... and finally: government-managed private-key escrow[2]. At that time the export regulations did not specify a backup requirement, and yet Microsoft claims otherwise. You know who else was talking a lot about backups? The White House, in its proposal for allowing the export of key lengths above 56 bits - so long as applicants implement "key-recovery".[3] Somehow I don't think that we share the same definition of the word "backup".

Also, ECI Sentry Raven[4], have fun with that.

[0] https://assets.documentcloud.org/documents/784280/sigint-ena...

[1] https://cryptome.org/nsakey-ms-dc.htm

[2] https://web.archive.org/web/20000818204903/https://csrc.nist...

[3] https://epic.org/crypto/key_escrow/key_recovery.html

[4] https://archive.org/details/nsa-sentry-eagle-the-intercept-1...

geofft|7 years ago

Yeah, I don't think my comparison to fluoridated water is out of line. The entirety of the NSAKEY evidence is "it has NSA in the name." That's not even as strong as the evidence that fluoridated water has minimal health benefits and more risks than the government claims, which is weak evidence but at least it exists.