This topic has probably just about reached its use-by date, but I recently
saw a comment by "J. Andrés Hall" <[EMAIL PROTECTED]> on how to
cripple Microsoft's own CSPs using _NSAKEY:

>Because the person possessing the private key corresponding to _NSAKEY can now
>take a trusted, signed CSP (even Microsoft's very own Enhanced CSP!),
>cripple the random number generator used to generate keys, re-sign it and 
>have Windows happily load the altered CSP after checking the new signature 
>against _NSAKEY. The crippled CSP would now generate keys that could be 
>easily cracked using a brute-force attack that in turn tried each of the very 
>limited number of different keys that the altered CSP was able to generate.  
>(This may already have been done to *your* PC via Back Orifice or NuBus.  
>Scary?  You bet!)

This doesn't involve installing a parallel CSP signed with _NSAKEY as per
existing discussions, but simply changing a few bytes in the original
Microsoft CSP and providing a new signature along with your own _NSAKEY.  This
has been touched on indirectly, but I don't think anyone's mentioned the 
ability to merely castrate Microsoft's CSP a la the Netscape RNG patch, as 
opposed to loading a completely new (crippled) CSP.

Peter.
