Karl Denninger at The Market Ticker takes us back to a security conference held in 1999 and talks about the implications today:
But They Would NEVER Do That....
My oh my you folks have short memories....:The dateline on this story?Two weeks ago, a US security company came up with conclusive evidence that the second key belongs to NSA. Like Dr van Someren, Andrew Fernandez, chief scientist with Cryptonym of Morrisville, North Carolina, had been probing the presence and significance of the two keys. Then he checked the latest Service Pack release for Windows NT4, Service Pack 5. He found that Microsoft's developers had failed to remove or "strip" the debugging symbols used to test this software before they released it. Inside the code were the labels for the two keys. One was called "KEY". The other was called "NSAKEY".
Fernandes reported his re-discovery of the two CAPI keys, and their secret meaning, to "Advances in Cryptology, Crypto'99" conference held in Santa Barbara. According to those present at the conference, Windows developers attending the conference did not deny that the "NSA" key was built into their software. But they refused to talk about what the key did, or why it had been put there without users' knowledge.
1999.
Now for the punchline:There wouldn't be any such sort of capability in chips nowdays, would there?According to one leading US cryptographer, the IT world should be thankful that the subversion of Windows by NSA has come to light before the arrival of CPUs that handles encrypted instruction sets. These would make the type of discoveries made this month impossible. "Had the next-generation CPU's with encrypted instruction sets already been deployed, we would have never found out about NSAKEY."
I still have all of my Windows NT4 distribution disks -- I will have to take a look. Windows has a lot of stuff going on under the hood -- I am running Win7 and have it pretty well stripped down -- currently have my browser and Outlook running and there are 58 processes running in the background. A lot of these are benign -- sound, printing, mouse, display, etc... but do I know what each and every one is doing? No.