Government Security
Network Security Resources

Jump to content

Photo

Anything That Removes Nsa Key / Keys And Backdoor(S)

nsa backdoor

  • Please log in to reply
1 reply to this topic

#1 AnonyOdinn

AnonyOdinn

    Private

  • Members
  • 2 posts

Posted 10 June 2013 - 08:56 AM

Hello,

 

I am looking for anything that would remove the NSA key(s) that are described in this (rather old but interesting) post

http://www.heise.de/...l/5/5263/1.html

 

The original article(s) no longer provide the 'ReplaceNSAKey.zip' and the source, http://www.cryptonym.com/ simply says on their website,

"Yes, this is the website of Cryptonym Corporation (of the "NSA Key" fame).


I hope to, sometime in the near future, put a brief explanation the whole story online, so stay tuned..."

 

It's been up that way for a long, long time.  Can't seem to find it anywhere, a lot of 404s. Here we are in 2013... there was an article in 2007 that actually identified that the Cryptonym website appeared only as "Yes, this is the website of Cryptonym Corporation (of the "NSA Key" fame) so nothing has changed there forever.  Here is that article: http://linux.derkeil...1/msg01922.html

 

That is it... oh, one more thing, any tools that would help in identifying backdoors that could be installed as a result of these key(s) (or other backdoors that could be installed remotely and would not likely be detected through standard market antivirus or malware software or similar software with heuristics) would be of help.  

 

Best ways to identify and remove any such backdoors?

Does Process Monitor http://technet.micro...s/bb896645.aspx help?

 

And of course if you are aware of similar NSA Keys style compromise in Macs, and / or in Android / other mobile systems etc, I would be interested to hear of it.

 

As a side note, I am not opposed to people doing their jobs, but I think that privacy is for everyone and our rights need to be respected.

 

Thanks in advance



#2 AnonyOdinn

AnonyOdinn

    Private

  • Members
  • 2 posts

Posted 10 June 2013 - 11:34 AM

More info on this.... http://web.archive.o...ns/backdoor.asp claims it is 'only' for "crypto compliance" and basically, "don't worry about it, it's nothing really"

 

Says "The NSA performs the technical review for all US cryptographic export requests. The keys in question are the ones that allow us to ensure compliance with the NSA's technical review." (...) "However, Microsoft holds these keys and does not share them with anyone, including the NSA." (claim)

 

Cannot be trusted, read into #PRISM, etc.

 

inevitably, this led to wikipedia <sigh> https://en.wikipedia.org/wiki/NSAKEY -- quote: " It turns out that there is a flaw in the way the "crypto_verify" function is implemented. Because of the way the crypto verification occurs, users can easily eliminate or replace the NSA key from the operating system without modifying any of Microsoft's original components." (...) "A demonstration program that replaces the NSA key can be found on Cryptonym's website.." Back to square one.... Can't fiind the thing that replaces the NSA Key(s) anywhere... does anybody have this?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users