[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ms-cryptoapi
Subject:    Re: Mechanism to Verify CSP
From:       Laszlo Elteto <lelteto () RAINBOW ! COM>
Date:       2003-08-12 14:40:43
[Download RAW message or body]

hmmm somehow this message is bouncing from ListServ as "already sent".
Trying to add more text - as suggested - so hopefully it will be accepted.

Laszlo Elteto
-----Original Message-----
From: Laszlo Elteto
Sent: Tuesday, August 12, 2003 7:20 AM
To: CryptoAPI@DISCUSS.MICROSOFT.COM
Subject: Re: Mechanism to Verify CSP

Yes, an admin having local access (or a trijan running with admin prvilege)
can change a lot of things. Probably CSP will be your least worry.

Laszlo Elteto
-----Original Message-----
From: SUBSCRIBE CryptoAPI Serge Yun [mailto:woon_ws@HOTMAIL.COM]
Sent: Monday, August 11, 2003 6:37 PM
To: CryptoAPI@DISCUSS.MICROSOFT.COM
Subject: Re: Mechanism to Verify CSP

> The CSP need microsoft key to verify the signature and the key is kept in
> ADVAPI.DLL? If someone has administrator rights to the local machine, then
> he can change the signature, CSP and the Key altogether?

> The signature is not contained in a file but jus an entry in the registry.
> any malicious code can change the values of the signature easily.

> The best thing is that when i looked at my registry, there most of the CSP
> (Pre-installed with OS) doesn't even have any values in the signature
> entry. Does that mean that its not signed at all?

This message and any material contained in any attachment may contain information \
which is the property of and which is confidential to Rainbow Technologies, Inc. This \
information is intended solely for the use of the individual or entity to whom it is \
addressed. If you are not the intended recipient, you are hereby notified that any \
disclosure, copying, distribution, or use of any of the information contained in this \
message is STRICTLY PROHIBITED. If you have received this message in error, please \
notify us immediately. Thank you.

----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.html
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM


[prev in list] [next in list] [prev in thread] [next in thread]