[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Microsoft Authenticode key security
Actually, and sort of to the point, no, the keys never actually ever the
BBN box, except as part of a backup procedure in which they are
extracted in a doubly-encrypted form for which for security reasons you
need the manufacturer's help in restoring.
To this day, no human or computer other than the box itself knows the
key.
Bob
> -----Original Message-----
> From: Toto [SMTP:[email protected]]
> Sent: Wednesday, March 05, 1997 9:18 AM
> To: [email protected]
> Cc: [email protected]; Bob Atkinson (Exchange)
> Subject: Re: Microsoft Authenticode key security
>
> Greg Broiles wrote:
> > >From: "Bob Atkinson (Exchange)" <[email protected]>
> > >Subject: Comments and corrections regarding Authenticode
> > >
> > >For those curious: at the present time, the private keys with which
> > >Microsoft signs code that it publishes are managed inside BBN
> SafeKeyper
> > >boxes housed in a guarded steel and concrete bunker. Even were a
> SafeKeyper
> > >to somehow be physically stolen, these cool little boxes have
> several
> > >elaborate internal defenses designed to have the box destroy itself
> rather
> > >than compromise its keys.
>
> Bob fails to mention, however, that, as a backup system, the keys
> are
> also written on pieces of masking tape attached to the underside of
> his keyboard.
> --
> Toto
> http://bureau42.base.org/public/xenix/xenbody.html