Re: CryptoAPI and export question

[Jiri Baum <jirib@sweeney.cs.monash.edu.au>]

-----BEGIN PGP SIGNED MESSAGE-----

Hello Tom Johnston <tomj@microsoft.com>
  and Bill Stewart <stewarts@ix.netcom.com>
  and cypherpunks@toad.com

Bill Stewart wrote:
...
> 3) Consider the case of a contractor who buys the development kit,
...
> into the US.)  He probably can't legally re-export the code, or export
> the signed version of it, but he can export the signature itself,
> since that's not cryptographic code, and the foreign company can
> reattach it to their original document, which you have now signed....
...

This is not that difficult for MS to work around - for example, they
could modify the code harmlessly before signing it. Unless you
know *how* they modified it, you can't reproduce it.

Example: some assembly instructions have more than one machine
code representation. MS could put some kind of cryptographically
strong pattern into these (ie one that can't be reverse-engineered).

ObCrypto: Stego in .EXE files?


Jiri
- --
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMQDT7ixV6mvvBgf5AQEEAwP/fJqfsCP1sA4ojwivHBeVxLpSfpKXEjpp
MgcHSVnFWkw1ezPUAmC9tugT0NEtIIDDs4ntDHUUa6Ki/bH1QFxqD5Gw8OCeGDJU
UQc/Y1o0K6XSAsiYWfEOE6fCnG3pbxGAc8s3Sz+TZbAhr0pqXIf3t1t6CNP3+dBn
Gnuq+OyIv5E=
=tfG3
-----END PGP SIGNATURE-----