Microsoft Authenticode key security




Recent discussion on the cypherpunks list(s) talked about the
feasibility of subverting Microsoft's security model by stealing their
private key(s). The following snippet (originally sent to RISKS
digest) might be of interest:

>Date: Mon, 3 Mar 1997 19:23:15 -0800
>From: "Bob Atkinson (Exchange)" <[email protected]>
>Subject: Comments and corrections regarding Authenticode
>
>As the architect and primary implementor of the Authenticode code-signing
>technology (boy, that'll get me mail :-) found in Internet Explorer 3 and in
>Windows NT 4, I think my perhaps somewhat lengthy and clearly very biased
>perspective on some recent articles might be of interest to others.
>Bob Atkinson
>[...]
>For those curious: at the present time, the private keys with which
>Microsoft signs code that it publishes are managed inside BBN SafeKeyper
>boxes housed in a guarded steel and concrete bunker. Even were a SafeKeyper
>to somehow be physically stolen, these cool little boxes have several
>elaborate internal defenses designed to have the box destroy itself rather
>than compromise its keys. As I understand things, a military variation on
>the SafeKeyper technology is used as an integral part of launch control of
>nuclear missiles on submarines in the US Navy.


--
Greg Broiles                | US crypto export control policy in a nutshell:
[email protected]         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            |