[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Microsoft Authenticode key security



Greg Broiles wrote:
> >From: "Bob Atkinson (Exchange)" <[email protected]>
> >Subject: Comments and corrections regarding Authenticode
> >
> >For those curious: at the present time, the private keys with which
> >Microsoft signs code that it publishes are managed inside BBN SafeKeyper
> >boxes housed in a guarded steel and concrete bunker. Even were a SafeKeyper
> >to somehow be physically stolen, these cool little boxes have several
> >elaborate internal defenses designed to have the box destroy itself rather
> >than compromise its keys.

  Bob fails to mention, however, that, as a backup system, the keys are 
also written on pieces of masking tape attached to the underside of
his keyboard.
-- 
Toto
http://bureau42.base.org/public/xenix/xenbody.html