Sergio Tabanelli wrote:
[About OffloadModExpo]
[...]
> 4. In any case in my opinion it is completely unacceptable that a system
> administrator can access users' private keys without the user's
> knowledge and assent.
I don't see a way to prevent an admin from gaining access to a user's keys
under the NT security model.
[Sergio] I think that encrypting the key can help.
But all this aside, there is a sound reason why
a software crypto implementation would want to offer OffloadModExpo:
hardware acceleration.
Modular exponentiation is a painfully CPU-intensive task. The market for
modexp accelerators is pretty sizable and growing. Most sites that make
heavy use of SSL that I am aware of are either employing hardware crypto
accelerators or are planning to do so in the very near future. It makes
perfect sense for a crypto library to be able to call out to a modular
exponentiation accelerator if such an accelerator happens to be installed.
[Sergio] Agreed (maybe the right way to do this is writing a new CSP).
But I think that the strange things here are:
1) A security bulletin and a patch for a non-functionality.
2) The coincidence between the OffloadModExpo functionality and the non-use
of the _NSAKEY:
the W2K >= beta 3 still has the _NSAKEY but DOES NOT USE IT
the W2K >= beta 3 CSPs use the “OffloadModExpo” functionality
the NT4-NT5-W2K <= beta 2 still has the _NSAKEY and USES IT
the NT4-NT5-W2K <= beta 2 CSPs DO NOT HAVE the “OffloadModExpo” functionality
Maybe this does not mean anything, but it looks a little bit strange.
Sergio Tabanelli