[2103] in cryptography@c2.net mail archive
Re: An update on MS private key (in)security issues
daemon@ATHENA.MIT.EDU (Arnold G. Reinhold)
Tue Feb 3 15:44:18 1998
In-Reply-To: <88650938015887@cs26.cs.auckland.ac.nz>
Date: Tue, 3 Feb 1998 09:58:05 -0500
To: pgut001@cs.auckland.ac.nz, cryptography@c2.net
From: "Arnold G. Reinhold" <reinhold@world.std.com>
At 1:36 AM +0000 2/4/98, Peter Gutmann wrote:
>A fortnight ago I posted a message exposing a number of weaknesses in the way
>various Microsoft security products handle users' private keys.
One of the most disturbing weaknesses that Gutmann reports is Microsoft's
use of RC-4/40 to encrypt private keys. Presumably they are doing this to
prevent export problems. But the export control establishment claims not to
object to the export of strong *authentication* software. The mere presence
of a strong encryption algorithm somewhere in the software cannot be
objectionable in and of itself, since the international versions of
Netscape and IE use RC-4/128 to encrypt SSL session keys. They simply
reveal 88 bits of the session key in the message header to get under the
40-bit export limit. Does anyone out there know if other companies have been
able to get general licenses to export authentication software that uses
strong encryption algorithms only to protect private keys?
Do Microsoft's lawyers have any idea of the risk that Microsoft is running
here? At least the tobacco companies could claim that the dangers of
smoking have been well known for years. Microsoft might easily be held
responsible for all damages resulting from private key leakage. Sloppy
cryptography may be a bigger threat to Microsoft's shareholders than the
Justice Department.
Arnold Reinhold