How many back door keys does Windows have? And why? : LUSENET : TimeBomb 2000 (Y2000) : One Thread

Came across this article in techweb about something called NSA that has a key in Windows. Not sure about the accuracy of the source, but the contents of the article make it appear as though Microsoft has designed its products in collusion with a government agency. Can anyone looking through the article assess its veracity?

-- Rachel Gibson (, September 05, 1999


Windoze and Microsnot software has ALWAYS had built in security holes. As long as people are drawn to mediocracy, as long as people run with the sheep"*** they will always pay several times more for using, hasseling and replacing the crap that they bought.

Get a Mac. The new G-4's are twice as fast as a 600mhz Pentium III and start at $1,500.

** run with the sheep should be Microsoft's catch phrase

"Where do you want to go today?" We ALL KNOW where we are going with Microsoft's software! Isn't that what this forum is all about? An operating system and software that does not recognize four-digit dates?

-- dw (, September 05, 1999.

Don't doubt it a bit. LOTUS (TM) NOTES(TM) has a back door in its encryption system that includes half of the "Strong" key in each document, much to the chagrin of several Scandinavian Embassies......


PS ALL the BETTER reason to use PGP! For EVERYTHING including disk cleanup

-- Chuck, a night driver (, September 05, 1999.

PS: Windoz NT can be hacked by 10 year-olds.

-- dw (, September 05, 1999.

PSS: Open ANY Microsoft Word document with BBEDIT or other serious text program and lean all kinds of things about the author, who the owner of the software is - and possible contents of their hard-drive.

-- dw (, September 05, 1999.

The "spin" is, naturally, "no big deal," since NSA has the ability to get into your stuff anyway.

Yeah, but that could take some time. How about this (my speculation):
Justice Department Pig: "Hey Bill, you know we can hack Windows if we want, but here's an offer you can't refuse. We'll not hit you too hard on the anti-trust thing if you make it EASY for us, with a backdoor, to get in."
Bill (the weasel that he is, who has the bucks to fight, but caves instead):"Oh, OK."

-- vbProg (, September 05, 1999.

Can you say "LINUX"?

I knew you could.

If you're not sure about any back doors, just download the source & look for one.

I know, I know, most of you aren't programmers. BUT, there's plenty of OTHER programmers doing just that, and word gets out about these kind of things on the newsgroups. So far, I haven't heard a thing.


-- Jollyprez (, September 05, 1999.

Windows Under Fire - Extra Encryption Key Discovered

By Michael J. Martinez 9-3-99

Every version of Windows 98 and Windows NT contains a special program to encrypt sensitive data, from e-mails and documents to e-commerce transactions over the Internet.

The program is called the cryptoAPI, and it uses an encryption key, managed by Microsoft Corp., to lock and unlock the sensitive data stored on a computer and sent across the Internet. Instead of having each application do the number crunching, Windows essentially does it instead. But there's not just one key - there are two.

In an analysis published on the Internet today, the head of a Canadian security firm, Cryptonym, claims that the two keys have existed within Windows since the later versions of Windows 95. He adds that the second key is labeled "NSAKEY" within the latest service pack for Windows NT 4.0, the Windows operating system widely used in servers and corporate workstations.

NSA, among a wide variety of other meanings, could stand for the U.S. National Security Agency, an intelligence organization charged with cracking codes and encryption schemes. It could also stand for "network security administration" or "not saying anything" - no one outside Microsoft knows, and Microsoft isn't commenting. "We've never known what the second key was for," says Cryptonym founder Andrew Fernandes, "but it's certainly possible that it's for law enforcement or espionage purposes."

How Windows Crypto Works

Encryption is used to encode e-mail messages, documents and Internet transactions. In the case of computers, the code can consist of dozens, or hundreds, of ones and zeros. The lowest government- approved encyrption standard, a code 56 digits long, took 22 hours to break.

The cryptoAPI essentially lets software developers write programs that simply plug into Microsoft's encryption scheme, instead of having to write their own. Microsoft manages the keys, and can provide access to the data or transactions at the request of the user, or a duly-authorized third-party. In the case of corporate users, other people within the corporation could have access to the key as well.

But that still doesn't answer the question: why two keys?

Feds Want 'Backdoor' Key

The U.S. Commerce Department has maintained strict controls on the export of strong encryption. Software company can ship stronger encryption overseas - as long as the U.S. government receives a key to that encryption. In 1997 companies were given two years to change their policies to comply. The government's key is often called the "backdoor" key.

It's unclear whether the cryptoAPI falls under the Commerce Department regulations. However, when it comes to APIs, Microsoft does not change its encryption schemes to account for the laws in different nations. Thus, the two-key scheme isn't just on computers overseas, but also on machines running right here in the U.S.

"Talk of NSA involvement aside, one could say that Microsoft has complied with these regulations, and is including two keys," says Peter Tippett, chairman if ICSA, Inc., a Reston, Va.-based security consulting firm.

Who Has the Second Key?

Meanwhile, Fernandes says he's come up with a way to change the second key into anything else the user wants. If he or she wants strong, 256-bit encryption, it can be installed in place of "NSAKEY." This means that virus programs or hacking exploits can be written to change the key without the users' knowledge. Thus, if users do not maintain "safe computing" practices, they could very well find their strong encryption replaced with no encryption at all, exposing their data to anyone interested in it.

Microsoft and the NSA did not answer repeated requests for comment on Friday. Russ Cooper, a Windows NT security expert and editor of the Web site NTBugTraq, has reported that the NSA insisted that Microsoft include the second key, though that could not be independently confirmed.

And then there's the trust issue.

"Microsoft has not been forthcoming on this issue," Fernades claims. "If I don't know anything about this second key, how the hell do I know what else Microsoft has stuck in their code?"

"We've never known what the second key was for, but it's certainly possible that it's for law enforcement or espionage purposes."

Andrew Fernandes, Cryptonym National Security Agency Copyright )1999 ABC News Internet Ventures.

-- andy (, September 05, 1999.

Nice hate-thread here.

Regarding security: Unix systems get hacked and trashed all the time.

Regarding The Beloved Mac: apparently you aren't quite up to speed on the latest furor -- the non-upgrade-trap that is creating quite a few enemies among The Devoted.

Regarding MS-bashing in general: get a life, pull your hand out of your pants, and buy some zit creme.

Oh, and regarding the "NSA Key"? It's been debunked, most of those making the initial noise about it have quietly backed down when confronted with the facts. Your premature ejaculation, triggered by a compulsion to jump the gun at the mention of the M-word, seems to have placed you squarely in front of your petard. See above re "life".

-- Ron Schwarz (, September 05, 1999.

Thanks for responding, everyone.

Jolly, for the sake of us non-programmers, can you say more about what makes LINUX more secure?


"Regarding The Beloved Mac: apparently you aren't quite up to speed on the latest furor -- the non-upgrade-trap that is creating quite a few enemies among The Devoted."

My intent in posting the original question was certainly not to start a hate-thread, but simply to learn more. However, now that you've intrigued me about Mac problems, could you please say more about them? Thanks.

-- Rachel Gibson (, September 05, 1999.

I do not work with encription with Widows but I do work with "out of bounds" memory locations. I have been very pleased to discover that MS has ported a bunch of Direct Memory Selectors from WIN3 (maybe win2 for all I know) all the way up to WIN98. These selectors alow the programer to access anywhere in memory with out causing a GPF or OutofBounds error. They are documented in old versions of MS Knowledge Base (pre 1993) but are currently undocumented.

It has been a great boon for me as I can port code up trough the operating system transistions, but it does give the programer a lot of room to play around.

-- helium (, September 05, 1999.

MS is the inevitable victim of their own success. In the first place, people resent success of that magnitude, out of simple envy. Second, a system that dominates will attract many more hackers, who will find many more errors. (I'm convinced that if the Mac dominated instead, this hacker army would have been able to do the same, and an army of lousy programmers would have written a ton of shit for the platform to get sales, and everyone would love to hate the Mac).

I haven't found anything I'd call inherently better about either architecture or CPU or OS, all have their strengths and weaknesses, and programmers of all range of skill have worked with both. But by comparison the Mac (and Linux) are unexamined systems. Under the scrutiny Windows has encountered, they probably wouldn't shine any brighter than Windows does.

-- Flint (, September 05, 1999.

I'd agree with flint.

The other main benefit of unix is that it is small enough to be manageable. Windows is too big for the average programmer to sift with a fine tooth comb. With unix you can still look under the hood and see what's lurking there.

-- the hunchback (, September 05, 1999.

OS 8.6 and beyond will NOT run on older 030 based Macs so what!. Apple was brave and smart enough to move to an even better operating system.

Microsoft has chosen to build more crap ontop of crap - 40 million lines in Windows 2000 (and still using DOS promps here in '99?).

The PowerPC processor (jointly made with Apple, Motorola & IBM) was a giant leap foward and Apple chose to do what most businesses, corporations, organizations, gov.s do not, they let go of the old obsolite and moved on to better pastures.

In 1984 Apple came out of the box capable of going another 30,000 years.

Windows, in many ways comparible to Y2K. No one wished to upgrade systems to suit the four-digits, so it may be backwards compatable, but try running Windows 98 on a 386 (You may get somewhere, but it may take a little time).

The Mac operating system is secure in a superior way due to the fact that it did not stary out as a networking type of computer (open to security holes), it was designed to be a desktop computers. Fortunatly, it's easier to network with PC's Macs, NT, and mixed enviroments than any other operating system on the planet!

Minimum viruses harm the Mac, while a majority attack purley Windows systems. This is not because more hackers write viruses for the masses (PeeCees), it is because Windows is FULL OF SECURITY HOLES!

It takes minutes to hook up devices to a Mac and hours to days for a PC (how many times has it taken PC users five minutes to hook-up a new CD player or sound card?). Apple has always been plug and play. Apple asked that all software have standard commands and pull down menu's etc.

PS: Apple is very cross-platform! I've saved more than one propeller heads problem on my Mac and gave it back on a IBM formatted disk.

One negative thing about Apple, as cheaper seems to be the mantra for better - and to compete with the $500 PeeCee clones, Apple is putting cheaper IDE drives (instead of faster SCSI), USB ports and other PeeCee crap on their new devices. This may make the Mac not as solid as it's older models, they were built like tanks!

Someday, someone will design a simpler, better machine, but until that time Macintosh is best, even for running Unix and Linux.

By the way, I have a life, cause I spend almost NO TIME screwing with my computer - one button turns it on, it runs smooth and never have problems, but do I spend too much time here.

-- dw (, September 05, 1999.

PSS: I do not envey Microsoft's riches. MacDonalds is the biggest restaurant chain, but the food is still crap. Who makes the most money does not mean they make a better product. Mercedes, Volvo and BMW totaled have 5% of the car market - does that make them loosers too? The snobery of financial success does not hold a candle to a better product - but I am an idealist.

I have been "only" around computers since 1998, but in that time I have seen nothing but PC's with their top off and the owner frustrated with what is under the hood. I've published 10 magazines, three books, hundreds of forms and flyers, kept databases, accounting and logged on to the internet with ease.

PS: Excuse all my typos.

-- dw (, September 05, 1999.

dw: I'm grateful (for small favors) that Microsoft is still using DOS promps here in '99, despite that it has chosen to build more crap ontop of crap - 40 million lines in Windows ...

Those 40 million lines of crap STILL lack many CONVENIENT and FUNCTIONAL utilities. So, with the DOS prompt, I can still run some DOS utilities that are up to 15 years old.

If we dodge the Y2K bullet, and I'm still in this business, I'm gonna seriously look at Linux and AMD.

-- vbProg (, September 05, 1999.


Who cares if the NSA has a backdoor to your stuff, (if they really wanted it they'd break into your house and steal the computer itself.

What is scary is that MICROSOFT has the same key too...

Uncle sam is only peripherally interested in the activities of MSFT's rivals, But Gates is KEENLY interested in the activities of his rivals...

-- squish (, September 05, 1999.

Moderation questions? read the FAQ