[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: M$ CryptoAPI Question



At 12:02 AM 3/18/96 -0800, you wrote:
>
>If the good guys can find a way to plug an unapproved international
>strong-crypto module into the CryptoAPI, then the bad guys can find a way
>plug in a no-crypto virus or trojan horse. 
>

You want to prove:
(A)
IF you CAN plug in an unapproved module
THEN you CAN plug in a trojan/virus.

That doesn't mean, however, that:
(B)
IF you can't plug in an unapproved module
THEN you can't plug in a trojan/virus.

The subversion mechanisms would just not use the standard API.  
So what have you really proved if you can prove (A)?

>[email protected]
> http://www.c2.org/hackmsoft/ and other cool stuff
>
>