
Critical Windows Vulnerability Discovered by NSA
2020-01-15 12:38

Q4: What role does a 'private key' play here anyway, if not that in Q3?

Q5: If one doesn't simply learn the original private key off of knowing the public key, is one simply able to create a new digital certificate this way, as opposed to, having learned the private key of an existing digital certificate? Did I understand this more correctly now?

Q6: Could the fake private key, simply be a number like 1, something that can be guessed by anyone? Or, equally bad, any other number, that you then can use to decipher data because someone would ofc know the private key?

Q7: How is it even possible to create a private key that matches an existing public key? I guess I intuitively thought that, you sort of couldn't have multiple private keys for any given private key.

Q12: Imagine combining faking authentication using a "Fake" digital certificate, with, covert/overt tampering of physical documents in a specific location, such that when you check to see if your encrypted data, is actually encrypted with your own private key, maybe you wouldn't even know if your private key was changed in some subtle way, like being one bit off, in a long string of numbers making up your private key? As if, relying on a piece of paper in a safe or something, where your private key is stored.

If nothing else, an opposing party could maybe learn indirectly, whenever you change your own private key inside your office? Then the opposing party would know from when to break into your office, again, to slightly alter their private key at their own location once again? Basically, the idea is that you would end up with having the initiative, for knowing when a party makes changes to their key or key infrastructure? I guess, that way, an opposing party can freely associate a known private key with a known public key, to make sense of Q12.


News URL

https://www.schneier.com/blog/archives/2020/01/critical_window.html

Related vendor

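Last 12M:

| Vendor | # Products | Low | Medium | High | Critical | Total vulns |
|--------|------------|-----|--------|------|----------|-------------|
| NSA    | 2          | 0   | 12     | 0    | 2        | 14          |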