Thursday, June 20, 2013

Secret backdoor conspiracy theory: Criticism of MS Windows

Secret backdoor conspiracy theory

In 1999 Andrew Fernandez, chief scientist with Cryptonym of Morrisville, North Carolina found a cryptographic public key stored in the variable _KEY and a second key labeled NSAKEY. The discovery lead to a flurry of speculation and conspiracy theories; such as the second key could be owned by the United States National Security Agency (the NSA), and that it could allow the intelligence agency to subvert any Windows user's security. Also researcher Dr. Nicko van Someren discovered these cryptographic keys and a third key in the ADVAPI.DLL file which, at that time, existed in Windows 2000 before its release. Concerns were raised about CPUs with encrypted instruction sets which, if they existed during that time, would have made it impossible to discover the cryptographic keys.
Microsoft denied the allegations — Microsoft attributes the naming of the key was due to a technical review by the NSA pointing out a backup key was required to conform to regulations.
No evidence other than the name of the key has ever been presented that the key enabled a backdoor.
Cryptographer and computer security specialist Bruce Schneier has also argued against the conspiracy theory pointing out that if the NSA wanted a back door into Windows with Microsoft's consent, they would not need their own cryptographic key to do so.
The cryptographic keys have been included in all versions of Windows from Windows 95 OSR2 onwards.