FBI put backdoor in OpenBSD

[nslay]

Wow, this is creepy:
http://www.infoworld.com/d/security-central/former-contractor-says-fbi-put-back-door-in-openbsd-423?source=IFWNLE_nlt_firstlook_2010-12-15

[iago]

I don't buy it. "My NDA expired so I can talk about a secret government backdoor now"? Come on!

[nslay]

It's possible that this is a ploy to move users away from an allegedly more secure system.  Maybe the FBI can monitor encrypted traffic from all but OpenBSD and a few others?

[nslay]

Still, this is entirely feasible.  The encryption community is so secret that they more than likely know about weaknesses in cryptoschemes that the open source developers are not privy to.  It may be possible, for example, to submit code that generates certain types of weak keys that are not otherwise known to be weak by open source developers.

[iago]

You seem to be implying that an opensource developer can't be a cryptographic expert. I submit that the people who wrote OpenBSD's crypto routines are crypto experts.

Also, the whole thing reeks of a plain ol' hoax to me.

[Blaze]

But wouldn't it be awesome if it was real? 

I stand for awesome!

[iago]

But wouldn't it be awesome if it was real? 

I stand for awesome!

Agreed! I even retweeted that sentiment, "Dear Santa: All I want for christmas is for the rumors that the FBI just got caught backdooring open source software to be true."

[Joe]

You seem to be implying that an opensource developer can't be a cryptographic expert. I submit that the people who wrote OpenBSD's crypto routines are crypto experts.

Also, the whole thing reeks of a plain ol' hoax to me.

I think he was implying that the same cryptographers who are conspiring with the FBI are those who wrote OpenBSD's cryptography stuffs.

[iago]

You seem to be implying that an opensource developer can't be a cryptographic expert. I submit that the people who wrote OpenBSD's crypto routines are crypto experts.

Also, the whole thing reeks of a plain ol' hoax to me.

I think he was implying that the same cryptographers who are conspiring with the FBI are those who wrote OpenBSD's cryptography stuffs.

Not in the post I was responding to.

[nslay]

You seem to be implying that an opensource developer can't be a cryptographic expert. I submit that the people who wrote OpenBSD's crypto routines are crypto experts.

Also, the whole thing reeks of a plain ol' hoax to me.

No, I'm implying that open source developers are likely not cryptography researchers and hence do not participate in this secretive community.  That's why it's conceivable that a government contractor that is privy to secret research could implement algorithms that produce weak results that are otherwise considered strong.

A lot of these developers just open a text book or read a (public) paper and implement a documented algorithm.

[nslay]

This CNET article alleges that a security researcher was responsible for the backdoor (someone who is privy to secret research). 

As I understand it, the cryptography community finds weaknesses in cryptoschemes and the resulting research is often kept secret. I think the backdoor is merely a weak algorithm that is considered strong with publicly available information.  Then it's conceivable that no auditor noticed.