[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: M$ CryptoAPI Question



On Sun, 17 Mar 1996 [email protected] wrote:

> At 06:27 PM 3/17/96 EST, Dr. Dimitri Vulis wrote:
> > I wonder if it's worth it to crack their approval mechanism so we can
> > add our own crypto subsystems without asking Microsoft's approval.
[...]
> Wait until Microsoft makes some oppressive decisions, 
> or is compelled to make some oppressive decisions.]
> 
> I do not expect that any cracking will be needed.  Microsoft 
> will approve a freeware module for use in America, and then, 
> alas alas, someone will leak it.

If the only goal is to allow international strong crypto using the
CryptoAPI, then I agree with the above. However, exploring the CryptoAPI
internals now, while there is still a possibility that they can be
changed, is a productive undertaking to the extent that it exposes holes. 

If the good guys can find a way to plug an unapproved international
strong-crypto module into the CryptoAPI, then the bad guys can find a way
plug in a no-crypto virus or trojan horse. 

[email protected]
 http://www.c2.org/hackmsoft/ and other cool stuff