The _NSAKEY symbol in Windows does not affect the keys used or generated for WinInet() or CryptoAPI calls.
128-bit open source is subject to a license exception, and can thus be examined to a fare-thee-well.
I agree that the close-source nature of the CryptoAPI (and thus, crypto smart cards, and the underlying crypto libraries) is detrimental to its security evaluation. Thus, I am unwilling to state categorically that it is a secure implementation.
But, Carnivore doesn't have the capability of decrypting anything, merely decoding the packet headers. It can capture all traffic by a suspect, including the SSL-encrypted payload; however, this means that the full protocol exchange must be analyzed and cracked, and any session renegotiations must be analyzed and cracked as well.
SSLv2 was (and is) insecure. Now that the RSA patent has fallen out of protection, it's going to be more possible to use open-source (and other) software that implements SSLv3 and TLS1.0; regardless, old standards die hard.
However, I could get into a debate over whether 'self-signed certificates are insecure'. This is not the place.
Just clearing up some misapprehensions,
-Mat Butler
-----Original Message-----
From: Philippe Landau [mailto:lists@A-Z-Internet.com]
Sent: Thursday, November 23, 2000 1:26 PM
To: nanog@merit.edu
Cc: Eric Murray
Subject: Re: Carnivore Update - Washington Post 11/21/00
>> of course carnivore has no problem decrypting SSL.
>Source, please.
(this seems obvious for the still widely distributed 40 bit versions.
there are many sources discussing the NSA key in windows
and apple is likely to have implemented similar backdoors.
there could be a reason why 128 bit SSL encryption has
been approved by the US for export in december 1999.
the question is if we have to prove they can decrypt SSL communications
or if the government agencies have to show they can't
(don't hold your breath).
how strong 128 bit encryption is is another question.)
this discussion is probably getting off-topic on this list.
i have just received some thoughts about it from security expert
Eric Murray and while he is less pessimistic, please see below.
kind regards philippe, http://A-Z-Internet.com
--- *** ---
http://remus.prakinf.tu-ilmenau.de/ssl-users/archive14/0158.html
http://www.mail-archive.com/cryptography-digest%40senator-bedfellow.mit.edu/msg02375.html
http://www.tinhat.com/surveillance/code_breaking.html
SSL Server Security Survey - A random sample of 8081 different secure web servers (servers running the SSL protocol) in active use on the Internet shows that 32% are dangerously weak. These weak servers either support only the flawed SSL v2 protocol, use too-small key sizes ("40 bit" encryption), or have expired or self-signed certificates. Data exchanges with all types of weak servers are vulnerable to attack.
http://www.meer.net/~ericm/papers/ssl_servers.html
--- *** ---
On Thu, Nov 23, 2000 at 08:55:52PM +0100, Philippe Landau wrote:
> Hello
>
> Is there a possibility that a government
> has a backdoor to decrypt SSL communications ?
>
> kind regards philippe, http://A-Z-Internet.com
Yes it is possible, in the code that calls SSL. It's not very possible
in the SSL protocol itself since that has been well investigated by
security researchers.
It's a little more possible in open-source SSL implementations
but still not very likely. It's most possible in closed-source
implementations, where the code that calls SSL is
only known to the author(s). A backdoor that say reduced the
entropy going into session keys would be difficult to detect--
even decompiling the code and stepping through it might not show it.
--
Eric Murray Consulting Security Architect SecureDesign LLC
http://www.securedesignllc.com PGP keyid:E03F65E5