[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Microsoft CAPI



Mike McNally <[email protected]> writes:
>Ravi Pandya wrote:
>> ... You can't load an encryption engine into Windows 95 or
>> Windows NT unless that engine has been specially signed by
>> Microsoft's corporate key.
>
>And so what happens when the Microsoft key is compromised?  It might
>be hard to break by purely cryptographic means, but surely there are
>some people at Microsoft who aren't millionaires.

But who may want to be, eh?  :)

Actually it is also possible to use a much more overt route and just
patch around anything which is doing the signature checking (possibly
on just a temporary basis if the checks are only made when the engine
is first loaded.)

jim