The software that checks the validations is protected by the
_KEY" (like a primary key that allows resetting
other keys). If the "
_KEY" works fine -- the problem
ends there. However, if it fails to work, the "
is checked!! This is hardly how a vault is supposed to work. On a bank vault
with two dials BOTH must be properly set for the vault to open. Any second key
with a fail over, is thus a backdoor in its
truest sense. It is a hidden way to perform all the security functions. What
is worse is that the "
_NSAKEY" can be changed by
anyone having access to the front of the vault by a mere screwdriver!!!
And that screwdriver can be downloaded from the
The whole process comes about then without the user's permission or
knowledge! What more could one call this but a "breach of trust"?
It is very important to note the difference between key loss and key
compromise. Key loss is the loss of the private key itself, and with it, the
ability for Microsoft to sign Cryptographic Service Providers. Key
compromise means the loss of the confidentiality associated with the key,
as would happen if someone gained a copy of the key. If
_NSAKEY" can be used, or a replacement inserted
and it is used, the effect is the same as if the Microsoft
_KEY" has been compromised, with regard to anyone
victimized by this.
In simple language when a software component is designed in such
a way that it does not function like it was supposed to, and that change weakens the security, then it is called
Until the forced revelation by Microsoft then, the presence of
"_NSAKEY" causes CryptoAPI to come under the definition of a
Andrew Fernandes illustrates how you can create your own CSP to replace