Caboose

January 04, 2012 at 3:12pm

No. It is up to the conspiracy theorist nutjob to provide evidence for his claims. However, Cregan89 has done an excellent job of countering Bullwinkle's ramblings.

Cregan89

January 04, 2012 at 11:37am

I did look it up, and... Nope, no proof whatsoever.

I assume you're both talking about "_NSAKEY". Basically, some guy in 1999 found a left over variable name "_NSAKEY" in ADVAPI.DLL in Windows NT 4 Service Pack 5 on the spare signature key. This spare signature key was known about for a long time prior, this guy just found a variable name reference to it as "_NSAKEY" which led to a bunch of crazy conspiracy theories.

It makes a lot of sense that the key was referenced at one point as "_NSAKEY" because the NSA is the body who must verify Microsoft's cryptography suite signage process to make sure that it is in compliance with the Export Administration Regulations in order to be allowed to export Windows outside of the USA, and the NSA required that Microsoft add a second spare key in case the primary key was somehow lost.

Now it's very important to understand what these keys even are. They are used by Microsoft to sign cryptography software, and they ensure that Windows can only run Microsoft approved cryptography software. This cryptography software is used in many different situations, they can encrypt data, passwords for banking sites, SSL/TLS certificates, etc. It's important for Microsoft to keep control over the cryptography software that can be run on Windows so that malicous cryptography software can't be used to break encryption.

Now let's even consider that these hilarious conspiracy theories are true. Let's say that "_NSAKEY" private key is known by the NSA. What does that mean? That means that the NSA could sign it's own cryptography software, and if they can get ADMINISTRATIVE ACCESS (an important point) to your computer, they could replace your cryptography software with their own with little complaint from Windows.

So in summary, if the NSA does know the "_NSAKEY" private key, in order for them to "spy" on you, they would have to write circumvented cryptography software, sign it with their private key, HACK YOUR COMPUTER TO GAIN ADMINISTRATIVE PRIVILEGES, install their rigged cryptography software, and then somehow convince the user to transmit that encrypted data in some way that the NSA can snoop on that data, and then they can decrypt it with their key. So basically, the whole signature key is completely pointless since the NSA had to hack your computer somehow anyways in order to use it. And if they've hacked your computer, there's a hell of a lot easier ways to spy on personal data then using malicious cryptography software.

Not to mention, there has not been one single piece of software in the world ever found to have been signed with the "_NSAKEY". Not one.

And finally, everyone has a router which inspects internet packets from their computer to varying degrees. And NEVER has anyone caught any "secret" packets being transmitted from Windows to any government. And that's really the only argument necessary when anyone says Windows has government backdoors in it. No matter how sneaky the "claimed" backdoor is, that data still has to pass through a router, and from there it's a piece of cake to see what data is being sent, and where it's being sent to. So if there was a government backdoor, it would have been caught in action a long time ago.

So you nutjobs are going to have to get a little bit more creative I'm afraid. Maybe all the world governments have conspired to build a worldwide wireless spy network into every single CPU ever produced! : O

Idiots.