Author Topic: FBI put backdoor in OpenBSD  (Read 8014 times)

0 Members and 1 Guest are viewing this topic.

Offline nslay

  • Hero Member
  • *****
  • Posts: 786
  • Giraffe meat, mmm
    • View Profile
An adorable giant isopod!

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: FBI put backdoor in OpenBSD
« Reply #1 on: December 15, 2010, 01:28:17 pm »
I don't buy it. "My NDA expired so I can talk about a secret government backdoor now"? Come on!

Offline nslay

  • Hero Member
  • *****
  • Posts: 786
  • Giraffe meat, mmm
    • View Profile
Re: FBI put backdoor in OpenBSD
« Reply #2 on: December 15, 2010, 01:33:46 pm »
It's possible that this is a ploy to move users away from an allegedly more secure system.  Maybe the FBI can monitor encrypted traffic from all but OpenBSD and a few others?
An adorable giant isopod!

Offline nslay

  • Hero Member
  • *****
  • Posts: 786
  • Giraffe meat, mmm
    • View Profile
Re: FBI put backdoor in OpenBSD
« Reply #3 on: December 15, 2010, 01:38:44 pm »
Still, this is entirely feasible.  The encryption community is so secret that they more than likely know about weaknesses in cryptoschemes that the open source developers are not privy to.  It may be possible, for example, to submit code that generates certain types of weak keys that are not otherwise known to be weak by open source developers.
An adorable giant isopod!

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: FBI put backdoor in OpenBSD
« Reply #4 on: December 15, 2010, 06:18:49 pm »
You seem to be implying that an opensource developer can't be a cryptographic expert. I submit that the people who wrote OpenBSD's crypto routines are crypto experts.

Also, the whole thing reeks of a plain ol' hoax to me.

Offline Blaze

  • x86
  • Hero Member
  • *****
  • Posts: 7136
  • Canadian
    • View Profile
    • Maide
Re: FBI put backdoor in OpenBSD
« Reply #5 on: December 15, 2010, 06:37:36 pm »
But wouldn't it be awesome if it was real?  :)

I stand for awesome!
And like a fool I believed myself, and thought I was somebody else...

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: FBI put backdoor in OpenBSD
« Reply #6 on: December 15, 2010, 07:39:59 pm »
But wouldn't it be awesome if it was real?  :)

I stand for awesome!
Agreed! I even retweeted that sentiment, "Dear Santa: All I want for christmas is for the rumors that the FBI just got caught backdooring open source software to be true."

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: FBI put backdoor in OpenBSD
« Reply #7 on: December 15, 2010, 07:43:21 pm »
You seem to be implying that an opensource developer can't be a cryptographic expert. I submit that the people who wrote OpenBSD's crypto routines are crypto experts.

Also, the whole thing reeks of a plain ol' hoax to me.


I think he was implying that the same cryptographers who are conspiring with the FBI are those who wrote OpenBSD's cryptography stuffs.
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: FBI put backdoor in OpenBSD
« Reply #8 on: December 15, 2010, 10:13:51 pm »
You seem to be implying that an opensource developer can't be a cryptographic expert. I submit that the people who wrote OpenBSD's crypto routines are crypto experts.

Also, the whole thing reeks of a plain ol' hoax to me.


I think he was implying that the same cryptographers who are conspiring with the FBI are those who wrote OpenBSD's cryptography stuffs.
Not in the post I was responding to. :P

Offline nslay

  • Hero Member
  • *****
  • Posts: 786
  • Giraffe meat, mmm
    • View Profile
Re: FBI put backdoor in OpenBSD
« Reply #9 on: December 16, 2010, 01:06:47 am »
You seem to be implying that an opensource developer can't be a cryptographic expert. I submit that the people who wrote OpenBSD's crypto routines are crypto experts.

Also, the whole thing reeks of a plain ol' hoax to me.


No, I'm implying that open source developers are likely not cryptography researchers and hence do not participate in this secretive community.  That's why it's conceivable that a government contractor that is privy to secret research could implement algorithms that produce weak results that are otherwise considered strong.

A lot of these developers just open a text book or read a (public) paper and implement a documented algorithm.
An adorable giant isopod!

Offline nslay

  • Hero Member
  • *****
  • Posts: 786
  • Giraffe meat, mmm
    • View Profile
Re: FBI put backdoor in OpenBSD
« Reply #10 on: December 16, 2010, 01:29:58 am »
This CNET article alleges that a security researcher was responsible for the backdoor (someone who is privy to secret research). 

As I understand it, the cryptography community finds weaknesses in cryptoschemes and the resulting research is often kept secret. I think the backdoor is merely a weak algorithm that is considered strong with publicly available information.  Then it's conceivable that no auditor noticed.
An adorable giant isopod!