ad info
   personal technology

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

CNN Websites
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines

 message boards





Expert disputes charge of Windows backdoor

September 13, 1999
Web posted at: 11:44 a.m. EDT (1544 GMT)

by Ann Harrison
windows graphic
NSA key to Windows: an open question

(IDG) -- An independent security expert has questioned allegations made earlier this month (see "Microsoft denies crypto-flaw charge," link below) that the National Security Agency (NSA) has a backdoor to Microsoft Corp.'s Windows platform.

Andrew Fernandes, chief scientist at a Mississauga, Ontario-based security software company called Cryptonym Corp., said one of the two keys that Microsoft uses to digitally sign cryptography suites that secure data is called "NSAKEY" in the code. This led to suspicions that the NSA had the ability to sign cryptography suites or insert a Trojan Horse -- both of which could compromise encrypted data on Windows 95, 98, 2000 and NT.

But respected cryptographer Bruce Schneier, president of Counterpane Systems, a Minneapolis-based cryptography and security consultancy, noted that if the NSA wanted to compromise Microsoft's CryptoAPI, which supports the encryption of data in Windows programs, there are easier ways. The NSA could convince the company to divulge the secret-key portion of its signature key, for example; get Microsoft to sign an NSA-compromised security module; or install a module other than CryptoAPI to break encryption strategies.

"It's not an NSA key so they can secretly install weak cryptography on the unsuspecting masses," said Schneier. "There are just too many smarter things they can do to the unsuspecting masses."
  Computerworld's home page
  Computerworld Year 2000 resource center
  Computerworld's online subscription center
 Reviews & in-depth info at's personal news page
  Year 2000 World
  Questions about computers? Let's editors help you
  Subscribe to's free daily newsletter for IT leaders
  Search in 12 languages
 News Radio
 * Computerworld Minute
 * Fusion audio primers

Schneier also pointed out that the NSA doesn't necessarily need a key to compromise security in Windows because programs like Back Orifice can do so on most systems without keys.

Perhaps the biggest tip-off to skeptics was the name of the key itself. If the NSA did have a secret key, naming it "NSAKEY" seemed too obvious. While companies such as Microsoft, which don't release their source code for review, are always under suspicion that they could be hiding backdoors in their products, anyone with a debugger could have found the "NSAKEY" name, Schneier observed.

Microsoft denies that the NSAKEY key is actually shared with the NSA and asserts that the company has no backdoors in any of its products. "We have not shared it with the NSA or any other third party. It's maintained by Microsoft, and we have it in a secured facility," said Scott Culp, Microsoft's security product manager.

Culp said the NSAKEY key is a backup to its primary digital-signature key used to enforce encryption export regulations. Current U.S. law limits exportable software products to 56-bit cryptography unless a waiver is granted. Culp noted that export licenses are granted by the U.S. Department of Commerce, but the technical compliance review is conducted by the NSA -- hence the key name. "It was just a really bad name, just a really poorly chosen name, and I think its safe to assume that we will change the name of that variable," said Culp.

Culp explained that developers of general-purpose programs that implement cryptography use Microsoft's CryptoAPI to let Windows encrypt and decrypt data. If developers want to create their own pluggable modules or cryptography suites to implement a particular algorithm in a Windows-compliant program, they can write a cryptographic service provider (CSP) that implements that function.

Culp said Microsoft is required by law to make sure that only CSPs that comply with export regulations can be loaded in CryptoAPI. When the CSPs are run under the CryptoAPI, the key verifies the digital signature of the CSP as it loads, confirming that it has met export requirements.

"It's not a backdoor. No data encryption is done with these keys; they are signing keys only," said Culp.

Culp added that each signing key is actually a pair of keys -- a private and public key. The public signing key resides in every copy of Windows. And the private key, held by Microsoft, is matched with the public key to confirm the identity of the CSP.

Culp says the backup NSAKEY was created to ensure that if the secure facility holding the private key was destroyed by an earthquake or other disaster, the company wouldn't have to replace all the public keys in every Windows system.

NSA key to Windows: an open question
September 3, 1999
MS, Intel demo 64-bit Windows for Merced
September 2, 1999
Efforts made to prevent privacy abuses against U.S. citizens
June 7, 1999

Microsoft denies crypto-flaw charge
Is Windows wide open to the NSA?
(PC World Online)
Microsoft disputes expert's characterization of Windows 'back door'
Feds to push security from talk to action
Microsoft to get outside audit of Hotmail service
E-commerce security unsafe?
(Network World Fusion)
Making the Web safe for commerce
(The Industry Standard)
Year 2000 World
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

Microsoft Corp.
National Security Agency (NSA)
Cryptonym Corp.
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
Enter keyword(s)   go    help

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.