Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
NSAKEY
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== Overview == [[Microsoft]] requires all [[cryptography]] suites that interoperate with [[Microsoft Windows]] to have an RSA [[digital signature]]. Since only Microsoft-approved cryptography suites can be shipped with Windows, it is possible to keep export copies of this operating system in compliance with the [[Export Administration Regulations]] (EAR), which are enforced by the [[Bureau of Industry and Security]] (BIS).<ref name=Chappell>{{cite web|url=http://members.ozemail.com.au/~geoffch@ozemail.com.au/security/cryptoapi/cspsigs.htm|first=Geoff|last=Chappell|title=CSP Signatures|date=September 12, 1999|archive-url=https://web.archive.org/web/20060504051529/http://members.ozemail.com.au/~geoffch@ozemail.com.au/security/cryptoapi/cspsigs.htm |archive-date=4 May 2006 }}</ref> It was already known that Microsoft used two keys, a primary and a spare, either of which can create valid signatures. Upon releasing the Service Pack 5 for [[Windows NT 4.0]], Microsoft had neglected to remove the [[debugging symbol]]s in ADVAPI32.DLL, a library that exposes such Windows features as [[Windows Registry]] and security. Andrew Fernandes, chief scientist with Cryptonym, found the primary key stored in the variable {{tt|_KEY}} and the second key was labeled {{tt|_NSAKEY}}.<ref name="Cryptonym">{{cite web|title=Microsoft, the NSA, and You|url=http://www.cryptonym.com/hottopics/msft-nsa/msft-nsa.html|last=Fernandes|first=Andrew|date=1999-08-31|website=cryptonym.com|publisher=Cryptonym|url-status=dead|archive-url=https://web.archive.org/web/20000617094917/http://www.cryptonym.com/hottopics/msft-nsa/msft-nsa.html|archive-date=17 June 2000|access-date=26 October 2005}}</ref> Fernandes published his discovery, touching off a flurry of speculation and [[conspiracy theory|conspiracy theories]], including the possibility that the second key enabled the United States [[National Security Agency]] (NSA) to subvert any Windows user's security.<ref name="CNN">{{cite web|title=NSA key to Windows: an open question|url=http://edition.cnn.com/TECH/computing/9909/03/windows.nsa.02/|date=5 September 1999|website=CNN Online|publisher=Cable News Network|url-status=dead|archive-url=https://web.archive.org/web/20151005212459/http://www.cnn.com/TECH/computing/9909/03/windows.nsa.02/|archive-date=2015-10-05}}</ref> During a presentation at the [[Computers, Freedom and Privacy Conference|Computers, Freedom and Privacy]] 2000 (CFP2000) conference, [[Duncan Campbell (journalist, born 1952)|Duncan Campbell]], senior research fellow at the [[Electronic Privacy Information Center]] (EPIC), mentioned the {{tt|_NSAKEY}} controversy as an example of an outstanding issue related to security and surveillance.{{Citation needed|date=September 2011}} In addition, Dr. Nicko van Someren found a third key in Windows 2000, which he doubted had a legitimate purpose, and declared that "It looks more fishy".<ref>{{cite web|title=How NSA access was built into Windows|url=http://www.heise.de/tp/r4/artikel/5/5263/1.html|last=Campbell|first=Duncan|author-link=Duncan Campbell (journalist, born 1952)|date=1999-01-04|website=Heise Online|publisher=Heise Medien}}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)