_NSAKEY

In computer security and cryptography, _NSAKEY was a variable name discovered in Windows NT 4 Service Pack 5 (which had been released unstripped of its symbolic debugging data) in August 1999 by Andrew D. Fernandes of Cryptonym Corporation. That variable contained a 1024-bit public key.

Overview

Microsoft's operating systems require all cryptography suites that work with its operating systems to have a digital signature. Since only Microsoft-approved cryptography suites can be installed or used as a component of Windows, it is possible to keep export copies of this operating system (and products with Windows installed) in compliance with the Export Administration Regulations (EAR), which are enforced by the US Department of Commerce Bureau of Industry and Security (BIS).

It was already known that Microsoft used two keys, a primary and a spare, either of which can create valid signatures. Microsoft had failed to remove the debugging symbols in ADVAPI32.DLL, a security and encryption driver, when it released Service Pack 5 for Windows NT 4.0. Andrew Fernandes, chief scientist with Cryptonym, found that the primary key was stored in the variable _KEY and that the second key was labeled _NSAKEY.[1] Fernandes published his discovery, touching off a flurry of speculation and conspiracy theories, including the possibility that the second key was owned by the United States National Security Agency (the NSA) and allowed the intelligence agency to subvert any Windows user's security.[2]

During a presentation at the Computers, Freedom and Privacy 2000 (CFP2000) conference, Duncan Campbell, senior research fellow at the Electronic Privacy Information Center (EPIC), mentioned the _NSAKEY controversy as an example of an outstanding issue related to security and surveillance.

In addition, Dr. Nicko van Someren found a third key in Windows 2000, which he doubted had a legitimate purpose, and declared that "It looks more fishy".[3]

Microsoft's reaction

Microsoft denied the speculations on _NSAKEY. "This report is inaccurate and unfounded. The key in question is a Microsoft key. It is maintained and safeguarded by Microsoft, and we have not shared this key with the NSA or any other party."[4] Microsoft said that the key's symbol was "_NSAKEY" because the NSA is the technical review authority for U.S. export controls, and the key ensures compliance with U.S. export laws.[5]

Richard Purcell, Microsoft's Director of Corporate Privacy, approached Campbell after his presentation and expressed a wish to clear up the confusion and doubts about _NSAKEY. Immediately after the conference, Scott Culp, of the Microsoft Security Response Center, contacted Campbell and offered to answer his questions. Their correspondence began cordially but soon became strained; Campbell apparently felt Culp was being evasive and Culp apparently felt that Campbell was hostilely repeating questions that he had already answered. On 28 April 2000, Culp stated that "we have definitely reached the end of this discussion ... [which] is rapidly spiraling into the realm of conspiracy theory"[6] and Campbell's further inquiries went unanswered.

Microsoft claimed the third key was only in beta builds of Windows 2000 and that its purpose was for signing Cryptographic Service Providers.[5]

Explanations from other sources

Some in the software industry question whether the BXA's EAR has specific requirements for backup keys. However, none claim the legal or technical expertise necessary to authoritatively discuss that document. The following theories have been presented.

Microsoft stated that the second key is present as a backup to guard against the possibility of losing the primary secret key. Fernandes doubts this explanation, pointing out that the generally accepted way to guard against loss of a secret key is secret splitting, which would divide the key into several different parts, which would then be distributed throughout senior management.[7] He stated that this would be far more robust than using two keys; if the second key is also lost, Microsoft would need to patch or upgrade every copy of Windows in the world, as well as every cryptographic module it had ever signed.

On the other hand, if Microsoft failed to think about the consequences of key loss and created a first key without using secret splitting (and did so in secure hardware which doesn't allow protection to be weakened after key generation), and the NSA pointed out this problem as part of the review process, it might explain why Microsoft weakened their scheme with a second key and why the new one was called _NSAKEY. (The second key might be backed up using secret splitting, so losing both keys needn't be a problem.)

Another possibility is that Microsoft included a second key to be able to sign cryptographic modules outside the United States, while still complying with the BXA's EAR. If cryptographic modules were to be signed in multiple locations, using multiple keys is a reasonable approach. However, no cryptographic module has ever been found to be signed by _NSAKEY, and Microsoft denies that any other certification authority exists.

Microsoft denied that the NSA has access to the _NSAKEY secret key.[8]

It was possible to remove the second key, _NSAKEY, as described in the following (note that this applied to Windows software in 1999).

There is good news among the bad, however. It turns out that there is a flaw in the way the "crypto_verify" function is implemented. Because of the way the crypto verification occurs, users can easily eliminate or replace the NSA key from the operating system without modifying any of Microsoft's original components. Since the NSA key is easily replaced, it means that non-US companies are free to install "strong" crypto services into Windows, without Microsoft's or the NSA's approval. Thus the NSA has effectively removed export control of "strong" crypto from Windows. A demonstration program that replaces the NSA key can be found on Cryptonym's website.[1]

CAPI Signature Public Keys as PGP Keys

In September 1999, an anonymous researcher reverse-engineered both the primary key and the _NSAKEY into PGP-compatible format and published them to the key servers.[9]

Primary key (_KEY)

 Type Bits/KeyID Date User ID
 pub 1024/346B5095 1999/09/06 Microsoft's CAPI key <postmaster@microsoft.com>


Secondary key (_NSAKEY and _KEY2)

 Type Bits/KeyID Date User ID
 pub 1024/51682D1F 1999/09/06 NSA's Microsoft CAPI key <postmaster@nsa.gov>


References

  1. "Microsoft, the NSA, and You". Cryptonym. 31 August 1999. Archived from the original on 17 June 2000. Retrieved 7 January 2007. (Internet Archive / Wayback Machine)
  2. "NSA key to Windows: an open question". CNN. 4 September 1999. Archived from the original on October 2015. Retrieved 7 January 2007. (Internet Archive / Wayback Machine)
  3. "How NSA access was built into Windows". Heise. 4 January 1999. Retrieved 7 January 2007.
  4. "Microsoft Says Speculation About Security and NSA Is "Inaccurate and Unfounded"" (Press release). Microsoft Corp. 3 September 1999. Retrieved 9 November 2006.
  5. "There is no "Back Door" in Windows". Microsoft. 7 September 1999. Archived from the original on 20 May 2000. Retrieved 7 January 2007.
  6. "Windows NSAKEY Controversy". Rice University.
  7. "Analysis by Bruce Schneier". Counterpane. 15 September 1999. Retrieved 7 January 2007.
  8. "NSA key to Windows an open question". 3 September 1999. Retrieved 20 November 2011.
  9. "The reverse-engineered keys". Cypherspace. 6 September 1999. Retrieved 7 January 2007.

AutoCollage 2008

AutoCollage 2008 is a Microsoft photomontage desktop application. The software creates a collage of representative elements from a set of images. It is able to detect faces and recognize objects. The software was developed by Microsoft Research labs in Cambridge, England and launched on September 4, 2008.

An update, named Microsoft Research AutoCollage 2008 version 1.1, was released in February 2009. The software update adds the ability to select images for the AutoCollage, a richer integration with Windows Live Photo Gallery, support for network folders and the ability to define custom output sizes.

A new version, named Microsoft Research AutoCollage Touch 2009, was released in September 2009, and included by some OEMs on machines with Windows 7.

Bing Audio

Bing Audio (also known as Bing Music) is a music recognition application created by Microsoft which is installed on Windows Phones running version 7.5 and above, including Windows Phone 8. On Windows Phone 8.1, and in regions where the Microsoft Cortana voice assistant is available, Bing Music is integrated with Cortana and the music search history is a part of Cortana's "Notebook". The service is only designed to recognize recorded songs, not live performances or humming. Xbox Music Pass subscribers can immediately add the songs to their playlists. A unique feature compared to similar services is that Bing Audio continuously listens and analyzes music while most other services can only listen for a fixed amount of time. Bing Research developed a fingerprinting algorithm to identify songs. On March 30, 2016 Microsoft announced that they'll create bots based on Bing features in Skype, of which Bing Music was one.

Bing Vision

Bing Vision is an image recognition application created by Microsoft which is installed on Windows Phones running version 7.5 and above, including Windows Phone 8. It is a part of the Bing Mobile suite of services, and on most devices can be accessed using the search button. On Windows Phone 8.1 devices where Microsoft Cortana is available, it is only available through the lenses of the Camera app (as the search button now activates Cortana). Bing Vision can scan barcodes, QR codes, Microsoft Tags, books, CDs, and DVDs. Books, CDs, and DVDs are offered through Bing Shopping.

Criticism of Microsoft Windows

The various versions of Microsoft's desktop operating system, Windows, have received many criticisms since Microsoft's inception.

Duncan Campbell (journalist)

Duncan Campbell (born 1952) is a British freelance investigative journalist, author, and television producer. Since 1975, he has specialised in the subjects of intelligence and security services, defence, policing, civil liberties and, latterly, computer forensics. He was a staff writer at the New Statesman from 1978–91 and associate editor (Investigations) from 1988–91. He was prosecuted under the Official Secrets Act in the ABC trial in 1978 and made the controversial series Secret Society for the BBC in 1987 (see Zircon affair). In 1988, he revealed the existence of the ECHELON surveillance program.

Encarta

Microsoft Encarta was a digital multimedia encyclopedia published by Microsoft Corporation from 1993 to 2009. Originally sold on CD-ROM or DVD, it was also later available on the World Wide Web via an annual subscription – although later many articles could also be viewed free online with advertisements. By 2008, the complete English version, Encarta Premium, consisted of more than 62,000 articles, numerous photos and illustrations, music clips, videos, interactive content, timelines, maps, atlases and homework tools.

Microsoft published similar encyclopedias under the Encarta trademark in various languages, including German, French, Spanish, Dutch, Italian, Portuguese and Japanese. Localized versions contained contents licensed from national sources and more or less content than the full English version. For example, the Dutch version had content from the Dutch Winkler Prins encyclopedia.

In March 2009, Microsoft announced it was discontinuing both the Encarta disc and online versions. The MSN Encarta site was closed on October 31, 2009 in all countries except Japan, where it was closed on December 31, 2009. Microsoft continued to operate the Encarta online dictionary until 2011.

High Capacity Color Barcode

High Capacity Color Barcode (HCCB) is a technology developed by Microsoft for encoding data in a 2D "barcode" using clusters of colored triangles instead of the square pixels conventionally associated with 2D barcodes or QR codes. Data density is increased by using a palette of 4 or 8 colors for the triangles, although HCCB also permits the use of black and white when necessary. It has been licensed by the ISAN International Agency for use in its International Standard Audiovisual Number standard, and serves as the basis for the Microsoft Tag mobile tagging application.

The technology was created by Gavin Jancke, an engineering director at Microsoft Research. Quoted by BBC News in 2007, he said that HCCB was not intended to replace conventional barcodes. "'It's more of a 'partner' barcode', he said. 'The UPC barcodes will always be there. Ours is more of a niche barcode where you want to put a lot of information in a small space.'"

Key finding attacks

Key Finding Attacks are attacks on computer systems that make use of cryptography in which computer memory or non-volatile storage is searched for private cryptographic keys that can be used to decrypt or sign data. The term is generally used in the context of attacks which search memory much more efficiently than simply testing each sequence of bytes to determine if it provides the correct answer. They are often used in combination with cold boot attacks to extract key material from computers.

Microsoft Office

Microsoft Office (or simply Office) is a family of client software, server software, and services developed by Microsoft. It was first announced by Bill Gates on August 1, 1988, at COMDEX in Las Vegas. Initially a marketing term for an office suite (bundled set of productivity applications), the first version of Office contained Microsoft Word, Microsoft Excel, and Microsoft PowerPoint. Over the years, Office applications have grown substantially closer with shared features such as a common spell checker, OLE data integration and Visual Basic for Applications scripting language. Microsoft also positions Office as a development platform for line-of-business software under the Office Business Applications brand. On July 10, 2012, Softpedia reported that Office is used by over a billion people worldwide.

Office is produced in several versions targeted towards different end-users and computing environments. The original, and most widely used version, is the desktop version, available for PCs running the Windows and macOS operating systems. Office Online is a version of the software that runs within a web browser, while Microsoft also maintains Office apps for Android and iOS.

Since Office 2013, Microsoft has promoted Office 365 as the primary means of obtaining Microsoft Office: it allows use of the software and other services on a subscription business model, and users receive free feature updates to the software for the lifetime of the subscription, including new features and cloud computing integration that are not necessarily included in the "on-premises" releases of Office sold under conventional license terms. In 2017, revenue from Office 365 overtook conventional license sales.

The current on-premises, desktop version of Office is Office 2019, released on September 24, 2018.

Microsoft Store

Microsoft Store is a chain of retail stores and an online shopping site, owned and operated by Microsoft and dealing in computers, computer software and consumer electronics.

The Microsoft Store offers Signature PCs and tablets like the Microsoft Surface and from third parties such as HP, Acer, Dell, Lenovo, and VAIO without demos or trialware (pre-installed free trials of certain third-party software that expire after a limited time). It also offers Windows (most retail versions), Microsoft Office and Xbox One game consoles, games and services including on-site Xbox diagnostics. The Answers Desk helps to answer questions related to Windows, Office, and other Microsoft products. The stores also offer class sessions as well as individual appointments.

The first two Microsoft Stores opened within a week of the Windows 7 launch, in Scottsdale, Arizona and Mission Viejo, California. Additional stores have since opened in California, Colorado, Florida, Georgia, Illinois, Minnesota, Missouri, Texas and Washington. At the 2011 Professional Developers Conference, Microsoft announced that they intend to open 75 new stores in the next three years. The first store outside the U.S. (and the first of eight stores in Canada) opened in Toronto on November 16, 2012, while the first store outside North America (and first store in Asia-Pacific and second flagship store) opened in Sydney, Australia on November 12, 2015. In September 2017, the company announced a store on Regent Street in London, United Kingdom.

Microsoft Student

Microsoft Student is a discontinued application from Microsoft designed to help students in schoolwork and homework. It included Encarta, as well as several student-exclusive tools such as additional Microsoft Office templates (called Learning Essentials) and integration with other Microsoft applications, like Microsoft Word. An example of that is data citations, Encarta dictionary and research Encarta features, which are available in a toolbar in Word.

The product also included Microsoft Math, language and literature resources (book summaries), and research tools (such as access to an online version of Encarta). Student 2006 was the first version of the product and a new version was produced by Microsoft every year until 2009.

Microsoft announced in March 2009 that they will cease to sell Microsoft Student and all editions of the Encarta encyclopedia by June 2009, citing changes in the way people seek information and in the traditional encyclopedia and reference material market as the key reasons behind the termination. Encarta's closing is widely attributed to competition from the larger online encyclopedia Wikipedia.

Microsoft Teams

Microsoft Teams is a unified communications platform that combines persistent workplace chat, video meetings, file storage (including collaboration on files), and application integration. The service integrates with the company's Office 365 subscription office productivity suite and features extensions that can integrate with non-Microsoft products. Microsoft Teams is a competitor to services such as Slack and is the evolution and upgrade path from Microsoft Skype for Business.

Microsoft announced Teams at an event in New York, and launched the service worldwide on 14 March 2017. It was created, and is currently led, by Brian MacDonald, Corporate Vice President at Microsoft.

Nicko van Someren

Dr. Nicholas "Nicko" van Someren PhD, FREng, FBCS (born 1967) is a British computer scientist, cryptographer and entrepreneur. He is known for having founded ANT Software Limited and nCipher, and more recently for having been the Chief Security Architect at Juniper Networks. He is currently the Chief Technology Officer of the Linux Foundation, where he runs the Core Infrastructure Initiative.

Satya Nadella

Satya Narayana Nadella (born 19 August 1967) is an Indian American business executive. He currently serves as the Chief Executive Officer (CEO) of Microsoft, succeeding Steve Ballmer in 2014. Before becoming chief executive, he was Executive Vice President of Microsoft's Cloud and Enterprise Group, responsible for building and running the company's computing platforms.

Surface Studio

The Surface Studio is an all-in-one PC, designed and produced by Microsoft as part of its Surface series of Windows-based personal computing devices. It was announced at the Windows 10 Devices Event on October 26, 2016, with pre-orders beginning that day. The first desktop computer to be manufactured entirely by Microsoft, the Surface Studio uses the Windows 10 operating system with the Anniversary Update preinstalled. However, it is optimized for the Windows 10 Creators Update, which was released on April 11, 2017. The product, starting at $2,999, is aimed primarily at people in creative professions such as graphic artists and designers.

Surface Studio 2

The Surface Studio 2 is an all-in-one PC, designed and produced by Microsoft as part of its Surface series of Windows-based personal computing devices. It was announced at the Windows 10 Devices Event on October 2, 2018, with pre-orders beginning that day. The second desktop computer to be manufactured entirely by Microsoft, the Surface Studio uses the Windows 10 operating system with the October 2018 update preinstalled. The product, starting at $3,499, is aimed primarily at people in creative professions such as graphic artists and designers.


This page is based on a Wikipedia article written by authors.
Text is available under the CC BY-SA 3.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.