posted 03-03-2002 09:27 PM
Full text and links at: http://www.amug.org/~glguerin/research/nsa/index.html
Here is the first part:
Is Microsoft Still Entwined with US Spy Agency?
Mesa, Arizona - 30 November 1999 - In a stunning follow-on to the recent
flurry of security flaws revealed in Microsoft products, including the
discovery of a National Security Agency (NSA) 'back door' in every copy of
Windows, an Arizona-based freelance software engineer has revealed that
Microsoft's cryptographic keys contain the letters 'NSA' embedded in them.
The keys are supposed to be random bit-patterns that encrypt, or hide, network
data to prevent high-tech eavesdropping. These bits were found to be
non-random, and actually contained the three initials of the US spy agency when
submitted to a simple binary calculation known as 'exclusive-OR' (XOR).
Other security experts have confirmed the discovery. Renowned security guru
Bruce Schneier responded with a stunned "Wow!" when first informed. An
independent analyst, Dave Mallory of Coyote Security Consultants in Phoenix,
said "I'm astounded - it's not just the NSA's fingerprints on this, it's
virtually their agency logo!" Australian privacy researcher C. A. Trent
commented that "Since this particular cryptographic key is used in the
exported version of Microsoft's security software, it's plain to see who
really made this key, and why."
While investigating the second version of Microsoft's encryption software
for managing virtual private networks (VPNs), Arizona-based freelance
engineer Gregory Guerin discovered that portions of a supposedly random
key actually consisted of the letters 'nsa' combined with notably
non-random bit-patterns. Following the analysis given by Schneier, Mudge,
and Wagner in the research paper "Cryptanalysis of Microsoft's PPTP
Authentication Extensions (MS-CHAPv2)", which describes a key-truncating
algorithm in the software, Guerin was investigating the significance of
a 24-bit 'magic constant' used with all export-controlled keys. The authors
of the original paper had expressed concern over this very weakness - that
the constant could be an intentional 'trapdoor' in the algorithm - and who
might be able to exploit such a weakness.
The 'magic constant' in MS-CHAP has the value D1269E (in hex), and appears
to be randomly chosen. But when subjected to some simple bit-oriented
operations with certain non-random bit-patterns, the letters 'nsa' emerge.
The steps to expose the letters are:
D1269E - take the 'magic constant' and...
2ED961 - ...invert each bit (0's to 1, 1's to 0)
40AA00 - then XOR with this bit-pattern...
6E7361 - ...to get the ASCII letters 'nsa'
The XOR'ed bit-pattern 40AA00 is notable for its non-randomness. Examining
each byte alone in binary form:
40 = 01000000 binary - all 0-bits except for a single 1-bit
AA = 10101010 binary - perfectly alternating 1's and 0's
00 = 00000000 binary - all 0-bits
All of these bytes are distinctly non-random, and when combined into a
24-bit value are even less random. "It's as if you tossed two handfuls of
Scrabble letter-tiles on the floor," said Guerin, "and they fell into
place as: 'Big Brother is watching you.'"
...
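The four steps listed in the article, worked through in Python as an added example; this is not code from the original post or from the article it quotes. The constants D1269E and 40AA00 are taken from the article, and the helper names below are my own. Because XOR is its own inverse, the block also computes, for any 24-bit constant and any three chosen letters, the mask that makes the same invert-then-XOR steps produce those letters, which is the check a practitioner would want before reading meaning into the mask.

```python
"""Worked example of the article's invert-then-XOR steps on the MS-CHAP
'magic constant'. Added example, not the article's own code.

Constants from the article:
  MAGIC = D1269E (hex)  -- the 24-bit 'magic constant'
  MASK  = 40AA00 (hex)  -- the 'non-random' bit-pattern XORed in
"""

MAGIC = 0xD1269E
MASK = 0x40AA00
WIDTH = 24  # the constant is a 24-bit value


def invert(value, width=WIDTH):
    """Flip every bit of a `width`-bit value (0 -> 1, 1 -> 0)."""
    return value ^ ((1 << width) - 1)


def reveal(magic, mask):
    """Apply the article's steps: invert the constant, XOR the mask,
    then read the three bytes as ASCII.

    Returns (letters, inverted_value, final_value)."""
    inverted = invert(magic)
    final = inverted ^ mask
    letters = final.to_bytes(3, "big").decode("ascii", errors="replace")
    return letters, inverted, final


def mask_for(magic, target):
    """Compute the mask that makes `magic` 'reveal' `target` under the
    same steps. XOR is self-inverse, so mask = invert(magic) XOR target;
    this exists for every constant and every three-letter target."""
    target_int = int.from_bytes(target.encode("ascii"), "big")
    return invert(magic) ^ target_int


def byte_bits(value):
    """Each byte of a 24-bit value in binary, like the article's table."""
    return [format(b, "08b") for b in value.to_bytes(3, "big")]


if __name__ == "__main__":
    letters, inverted, final = reveal(MAGIC, MASK)
    print(f"{MAGIC:06X} - magic constant")
    print(f"{inverted:06X} - inverted")
    print(f"{MASK:06X} - XOR mask ({', '.join(byte_bits(MASK))})")
    print(f"{final:06X} - ASCII {letters!r}")
    # The same constant 'reveals' any other three letters once the
    # matching mask is chosen; 'cia' here is an arbitrary target.
    other = mask_for(MAGIC, "cia")
    print(f"mask for 'cia': {other:06X} -> {reveal(MAGIC, other)[0]!r}")
```

Run as a script it prints the article's four hex values and the letters 'nsa'; calling `mask_for` with any other three letters gives a mask that produces those letters from the same constant by the same steps.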