advapi.dll security question

Hi all,

I happened to come by an old article (dated 04.09.1999) about NSA
having something to do with an extra set of keys inside the Windows
advapi.dll file. According to the article the extra keys are in this
dll on every version of Windows between Windows 95 OSR2 and Windows

Three questions that came to mind:
1. Has anything similar been reported about Windows XP?
2. What kind of software would one use to check the dll for keys?
3. If the answer to 2 is "hex editor" or other low level editor: how would
you know that you have found a key?



Re: advapi.dll security question

jjoensuu wrote:

Yes and no. Yes, there are additional keys. No, they are from Microsoft,
and they're supposed to provide a signature for a plugin interface that
allows NSA to exchange it with its own implementation in a safe way. At
least that's the official technical explanation.


No. The architecture change removed the need for such a special


A disassembler with good structure analysis.


If there's some DER or BER encoded structure that looks like an exponent
plus a big composite integer of a typical size.
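
The check described in the reply above, as an added example that is not part of the original thread: a scan of a byte buffer for a DER `SEQUENCE` holding exactly two `INTEGER`s, a large odd modulus followed by a small odd exponent. It assumes the key is stored as plain, unobfuscated DER; the function names, the `min_bits` threshold and the sample buffer are constructed for illustration.

```python
def read_len(buf, i):
    """Decode a DER definite length at buf[i]; return (length, next_index) or None."""
    if i >= len(buf):
        return None
    if buf[i] < 0x80:                        # short form: the octet is the length
        return buf[i], i + 1
    n = buf[i] & 0x7F                        # long form: n length octets follow
    if n == 0 or n > 4 or i + 1 + n > len(buf):
        return None
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def read_int(buf, i, end):
    """Decode a non-negative DER INTEGER (tag 0x02); return (value, next_index) or None."""
    if i >= end or buf[i] != 0x02:
        return None
    hdr = read_len(buf, i + 1)
    if hdr is None or hdr[0] == 0 or hdr[1] + hdr[0] > end or buf[hdr[1]] & 0x80:
        return None                          # malformed, overruns parent, or negative
    return int.from_bytes(buf[hdr[1]:hdr[1] + hdr[0]], "big"), hdr[1] + hdr[0]

def find_rsa_public_keys(buf, min_bits=512):
    """Return (offset, modulus_bits, exponent) for each SEQUENCE { INTEGER n, INTEGER e }."""
    hits = []
    for off in range(len(buf)):
        if buf[off] != 0x30:                 # SEQUENCE tag
            continue
        hdr = read_len(buf, off + 1)
        if hdr is None or hdr[1] + hdr[0] > len(buf):
            continue                         # truncated or bogus length
        end = hdr[1] + hdr[0]
        n = read_int(buf, hdr[1], end)
        e = read_int(buf, n[1], end) if n else None
        if e is None or e[1] != end:         # exactly two integers filling the sequence
            continue
        # Plausibility filter: big odd modulus, small odd exponent.
        if n[0].bit_length() >= min_bits and n[0] & 1 and e[0] & 1 and 3 <= e[0] < 2**32:
            hits.append((off, n[0].bit_length(), e[0]))
    return hits

def der(tag, body):                          # TLV encoder, used only to build the sample
    ln, nb = len(body), (len(body).bit_length() + 7) // 8
    hdr = bytes([ln]) if ln < 0x80 else bytes([0x80 | nb]) + ln.to_bytes(nb, "big")
    return bytes([tag]) + hdr + body

# Constructed sample, NOT a real key: modulus is the product of two Mersenne primes.
N = (2**521 - 1) * (2**607 - 1)
enc_int = lambda v: der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
KEY = der(0x30, enc_int(N) + enc_int(65537))
DECOY = bytes.fromhex("3006020105020103")   # SEQUENCE { 5, 3 }: right shape, far too small
SAMPLE = b"MZ\x90\x00" + DECOY + b"\x00" * 52 + KEY + b"\xcc" * 32
```

A hit only says the bytes have the shape of an RSA public key; the size threshold is what separates it from small two-integer structures like the decoy.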

Re: advapi.dll security question

Just what I was looking for. Thanks Sebastian.
