> I happened to come by an old article (dated 04.09.1999) about NSA
> having something to do with an extra set of keys inside the Windows
> advapi.dll file. According to the article the extra keys are in this
> dll on every version of Windows between Windows 95 OSR2 and Windows
> 2000.

Yes and no. Yes, there are additional keys. No, they are from Microsoft,
and they're supposed to provide a signature for a plugin interface that
allows NSA to exchange it with its own implementation in a safe way. At
least that's the official technical explanation.

> Three questions that came to mind:
> 1. has anything similar been reported about Windows XP?

No. The architecture change removed the need for such a special
implementation.

> 2. what kind of software would one use to check the dll for keys?

A disassembler with good structure analysis.

> 3. if answer to 2 is "hex editor" or other low level editor: how would
> you know that you have found a key?

If there's some DER or BER encoded structure that looks like an exponent
plus a big composite integer of a typical site.

Comments (0)

Subscribe to this comment's feed

Name

Email

Comment

Add Comment