
Re: [Long] How to recover private keys for various Microsoft products





In <v03102800b0eab79afcbc@[208.129.55.202]>, on 01/20/98 
   at 12:43 PM, Steve Schear <[email protected]> said:

>At 4:29 AM +0000 1/21/98, Peter Gutmann wrote:
>>    How to recover private keys for Microsoft Internet Explorer, Internet
>>            Information Server, Outlook Express, and many others
>>                                      - or -
>>                 Where do your encryption keys want to go today?
>> 
>>                    Peter Gutmann, <[email protected]>
>> 
>>Summary
>>-------
>> 
>>Microsoft uses two different file formats to protect users' private keys, the
>>original (unnamed) format which was used in older versions of MSIE, IIS, and
>>other software and which is still supported for backwards-compatibility reasons
>>in newer versions, and the newer PFX/PKCS #12 format.  Due to a number of
>>design and implementation flaws in Microsoft's software, it is possible to break
>>the security of both of these formats and recover users' private keys, often in
>>a matter of seconds.  In addition, a major security hole in Microsoft's
>>CryptoAPI means that many keys can be recovered without even needing to break
>>the encryption.  These attacks do not rely for their success on the presence of
>>weak, US-exportable encryption; they also affect US versions.
>> 
>>As a result of these flaws, no Microsoft internet product is capable of
>>protecting a user's keys from hostile attack.  By combining the attacks
>>described below with widely-publicised bugs in MSIE which allow hostile sites
>>to read the contents of users' hard drives or with an ActiveX control, a victim
>>can have their private key sucked off their machine and the encryption which
>>"protects" it broken at a remote site without their knowledge.
>> 


>Seems a good way to teach M$ a security lesson is to use Peter's code to
>snatch M$' any significant keys on their corporate servers and publish. 
>Of course, they're probably too smart to leave important data just lying
>around on unsecure '95/NT servers and instead use Linux ;-)

More than likely they have them tucked away on one of the AS/400's they
are running at Redmond. :)


- -- 
- ---------------------------------------------------------------
William H. Geiger III  http://users.invweb.net/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html                        
- ---------------------------------------------------------------
 
Tag-O-Matic: Dos: Venerable.  Windows: Vulnerable.  OS/2: Viable.
