RE: Microsoft Authenticode key security



Actually, and sort of to the point, no, the keys never actually ever leave the
BBN box, except as part of a backup procedure in which they are
extracted in a doubly-encrypted form for which for security reasons you
need the manufacturer's help in restoring.

To this day, no human or computer other than the box itself knows the
key.

	Bob

> -----Original Message-----
> From:	Toto [SMTP:[email protected]]
> Sent:	Wednesday, March 05, 1997 9:18 AM
> To:	[email protected]
> Cc:	[email protected]; Bob Atkinson (Exchange)
> Subject:	Re: Microsoft Authenticode key security
> 
> Greg Broiles wrote:
> > >From: "Bob Atkinson (Exchange)" <[email protected]>
> > >Subject: Comments and corrections regarding Authenticode
> > >
> > >For those curious: at the present time, the private keys with which
> > >Microsoft signs code that it publishes are managed inside BBN SafeKeyper
> > >boxes housed in a guarded steel and concrete bunker. Even were a SafeKeyper
> > >to somehow be physically stolen, these cool little boxes have several
> > >elaborate internal defenses designed to have the box destroy itself rather
> > >than compromise its keys.
> 
>   Bob fails to mention, however, that, as a backup system, the keys
> are 
> also written on pieces of masking tape attached to the underside of
> his keyboard.
> -- 
> Toto
> http://bureau42.base.org/public/xenix/xenbody.html