Hacker News new | past | comments | ask | show | jobs | submit login
_NSAKEY (1999) (wikipedia.org)
8 points by mcantelon on July 12, 2013 | hide | past | favorite | 10 comments

And before someone else says this is bollocks, I've worked at a company with shared source access to Windows and there are still bits you can't get at like the CSP implementations so there may still be stuff like that in there.

No open review for any crypto functions in Windows is possible.

That's basically a fucking massive red flag.

The Windows source code is the most comprehensively reverse engineered codebase in the world. Virtually every software security firm and every security product company has someone on staff who has the lay of the land for the kernel, services, and drivers. Even if Microsoft didn't publish most of the debug symbols for the OS, which they do, it'd still be the best understood closed source codebase in the world.

The likelihood of them hiding backdoors in software that you don't know about simply because some company you worked at that had access to some of their actual source code didn't have all that source code is low.

You underestimate the problem.

Look at just chrome for example, which I've posted my rationale for here:


Not a chance in hell.

I don't understand your comment. Mine was a statement of fact. Your assessment of the information density of Chrome versus that of the human genome was comprehensively debunked.

there are no facts in your comment. Please cite your sources. Not only that, my hypothesis hasn't been debunked or disproved.

Well, there is a complete disassembly of windows code used to re-implement it: http://en.wikipedia.org/wiki/ReactOS.

Have you attempted reversing code?

All those conspiracy theories sound a lot more reasonable today than they did back in 1999.

No. This reframing of the scariness of the NSA is one of the things that drives me batty about the NSA coverage on HN.

The NSAKEY conspiracy theory wasn't dismissed in the late '90s because people thought the NSA wouldn't backdoor Windows. The opposite is true; the NSA was so feared in the '90s that people didn't (and still don't) trust standards like DSA, for fear that the parameter generation algorithms they use were backdoored.

No, the reason nobody takes the NSAKEY conspiracy theory seriously is because if the NSA was going to backdoor Windows, they wouldn't do it with the ASCII string "NSAKEY".

They could also just send someone in there to steal the keys... Either way is plausible. But this is just one example of how open source peer-review improves security over proprietary implementations.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact