Cryptonym Interview
9/9/99

Mike Hudack
Editor-in-Chief

It was about a week ago that Andrew D. Fernandes of Cryptonym came out with the revelation that there's a public key named "_NSAKey" in the Crypto API, which is bundled with all versions of Windows since 95.

The media jumped on it quickly -- demanding comment from Microsoft and the like.  The entire issue ended up blowing up and some people ended up with a little egg on their faces -- including OSAll.

In order to kind of wrap things up, OSAll ended up speaking with Andrew Fernandes at length -- for more than an hour.  Following is the first installment of our discussion, written verbatim from the recording.

The Interview:

<Mike>  I'm afraid I didn't have too much time to put everything together here... You know, school and everything.  So just bear with me.

<Andrew>  That's alright.  I was reading your Web site just a little bit ago.  Not bad.  I like what I've been seeing, too.  But anyway...

<Mike>  You know, for legal reasons, I have to go through the whole thing... You're being recorded now, everything is on the record, da da da... Everything we say will (hopefully) be printed verbatim, assuming the recording works right.  If I have to do it by memory I'll have to e-mail you to verify everything, of course.

<Andrew>  Oh, absolutely.  One of my journalist friends who I kind of hold up as a hero... says that everything should always be on record.  I kind of live by it.

<Mike>  Absolutely... It's so true.  I've had problems with things -- whether they're on record, or off... It's just a pain in the ass.  All right...  The first thing I want to ask you -- how long did you spend reverse engineering things before you came up with everything?

<Andrew>  Oh, well that.  That's actually a common misconception.  I don't know how it got started, probably because of some non-technical reporter.

<Mike>  So you weren't reverse engineering it?  You decompiled it, right?

<Andrew>  No, not even that.  The real story is considerably less glamorous.  I wish I could point to some great genius on my part... That would be an absolute lie.

<Mike>  Yeah, wouldn't we all...

<Andrew>  What actually happened was I was doing some development work using Crypto API -- CAPI -- and something wasn't working.  You know, it had nothing to do with CAPI.  I just happened to be using CAPI because I wanted to see what it looked like.  Something in my module wasn't working and I was irritated.  I don't know if you're a programmer...

<Mike> Yeah, somewhat.  Yeah.

<Andrew>  Well I don't know what you do when things aren't working, but I just stare into never-never land.  If I relax my brain, empty it out, maybe something will come to me.  So, I was at one of those points and I was basically single-stepping my way through looking for the error.  Something wasn't working and I was thinking maybe the compiler was generating incorrect code, or... I wasn't even looking at the program to be brutally honest, I was just staring at a golf course... Clicking next, next, next.  I don't know how many times I was clicking the mouse.  As I looked back at the screen I made a couple of simultaneous discoveries.  One was that Windows NT, unlike Windows 95, allows you to one-step right into system DLLs.  Okay, I never knew you could ever do that.  The next thing was I was buried smack inside one of the DLLs...

<Mike> What was it?  One of the Crypto API DLLs?

<Andrew>  Yeah, it was the [unintelligible] DLL... And you know, these words are popping out at me.  There was RC4, and the one that really popped out to me was "key."  You know, anything you can make sense of in assembly just pops right out.  I don't know if you've seen it, but the screen captures are up on the Web site.

<Mike> Yeah, I remember that.

<Andrew>  And NSA key.  And I kind of focused on it, and I almost fell off my chair.  It was like, "what the hell is THAT doing there!"

<Mike>  Exactly, right...

<Andrew>  You start thinking, encrypt RC4 -- so you kind of know instinctively where in the module you are.  So, in point of fact, that's exactly how I came across that.  You know, it's not glamorous, it's not a particular spot of genius on my part, but it's true.

<Mike>  Well, I'd love to be able to make you out to be a genius and everything... But I guess that plan's gone.

<Andrew>  Yeah, well, life's hard.  But anyway, yeah.  I was actually kind of worrying about all the reverse engineering things people are e-mailing me about.  They keep saying that Microsoft could slam me for reverse engineering it.  And I keep yelling at them -- "I'm not reverse engineering it!"

<Mike>  Well, I tell you, you know, everyone in the media, everyone outside the technical field in the media, gets something wrong in every story. 

<Andrew>  Well actually one of the ones they got wrong, which I always found funny.  It was one of the big networks.  Well, Ian Goldberg has been in the news a lot.  He's the current, you know, crypto darling boy.  Especially with the things he's been doing.  So anyway, they asked me where I went to school.  The University of Waterloo, a big crypto place... and he graduated the same year as me.  Well, I left it at that... it was kind of a side bar and all.  Well, next thing I know, a person in the National Post, one of Canada's two national newspapers, says I studied computer science at the University of Waterloo.  Now, I actually studied biochemistry and mathematics there!  Needless to say, my alma mater was not very happy with that.  I think I took one computer science course there... and I didn't do too well either.  It was like Fortran or something...

<Mike> Oh God...

<Andrew>  So, you know, little things like that happen, and they keep growing.  And all of a sudden, you know, this is my first experience with the media.  I'm having heart palpitations, you know, I'm like, "Oh my God!  Oh my God!"

<Mike>  Yeah, well, you know, when I deal with them every time I turn around and I watch something on TV which I was interviewed for something... I'm always wondering whether they're going to make me look like an idiot or something.

<Andrew>  It really depends, I've discovered, on the reporter.  Some of them take the time to really think about it, what may have been unsaid, what they're assuming... and others just move and connect the dots as well as they may.  And they have to make six column inches.

<Mike>  Yeah, it is true with some of them... And I've written some nasty letters.  Anyway, I want to get back on the track... I don't want to take too much time on this.

<Andrew>  Well it was an interesting segue.

<Mike>  Yeah, you're right.

<Andrew>  Well, that's how I found it.

All content copyright 1998 - 99 unless book covers or otherwise noted.  Book covers copyright 1998 - 99 Amazon.com.  All OSAll-owned content may be reprinted with the following header added: "Copyright 1998 - 99 Owl Services.  Visit aviary-mag.com for computer security news and information."  Article authors retain a non-exclusive right to republish their work.