[prev in list] [next in list] [prev in thread] [next in thread]
List: ms-cryptoapi
Subject: Re: Mechanism to Verify CSP
From: Laszlo Elteto <lelteto () RAINBOW ! COM>
Date: 2003-08-12 14:40:43
[Download RAW message or body]
hmmm somehow this message is bouncing from ListServ as "already sent".
Trying to add more text - as suggested - so hopefully it will be accepted.
Laszlo Elteto
-----Original Message-----
From: Laszlo Elteto
Sent: Tuesday, August 12, 2003 7:20 AM
To: CryptoAPI@DISCUSS.MICROSOFT.COM
Subject: Re: Mechanism to Verify CSP
Yes, an admin having local access (or a trijan running with admin prvilege)
can change a lot of things. Probably CSP will be your least worry.
Laszlo Elteto
-----Original Message-----
From: SUBSCRIBE CryptoAPI Serge Yun [mailto:woon_ws@HOTMAIL.COM]
Sent: Monday, August 11, 2003 6:37 PM
To: CryptoAPI@DISCUSS.MICROSOFT.COM
Subject: Re: Mechanism to Verify CSP
> The CSP need microsoft key to verify the signature and the key is kept in
> ADVAPI.DLL? If someone has administrator rights to the local machine, then
> he can change the signature, CSP and the Key altogether?
> The signature is not contained in a file but jus an entry in the registry.
> any malicious code can change the values of the signature easily.
> The best thing is that when i looked at my registry, there most of the CSP
> (Pre-installed with OS) doesn't even have any values in the signature
> entry. Does that mean that its not signed at all?
This message and any material contained in any attachment may contain information \
which is the property of and which is confidential to Rainbow Technologies, Inc. This \
information is intended solely for the use of the individual or entity to whom it is \
addressed. If you are not the intended recipient, you are hereby notified that any \
disclosure, copying, distribution, or use of any of the information contained in this \
message is STRICTLY PROHIBITED. If you have received this message in error, please \
notify us immediately. Thank you.
----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.html
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic