FBI put backdoor in OpenBSD

nslay · December 15, 2010, 12:53:48 PM

Wow, this is creepy:
http://www.infoworld.com/d/security-central/former-contractor-says-fbi-put-back-door-in-openbsd-423?source=IFWNLE_nlt_firstlook_2010-12-15

iago · December 15, 2010, 01:28:17 PM

I don't buy it. "My NDA expired so I can talk about a secret government backdoor now"? Come on!

nslay · December 15, 2010, 01:33:46 PM

It's possible that this is a ploy to move users away from an allegedly more secure system. Maybe the FBI can monitor encrypted traffic from all but OpenBSD and a few others?

nslay · December 15, 2010, 01:38:44 PM

Still, this is entirely feasible. The encryption community is so secret that they more than likely know about weaknesses in cryptoschemes that the open source developers are not privy to. It may be possible, for example, to submit code that generates certain types of weak keys that are not otherwise known to be weak by open source developers.

iago · December 15, 2010, 06:18:49 PM

You seem to be implying that an opensource developer can't be a cryptographic expert. I submit that the people who wrote OpenBSD's crypto routines are crypto experts.

Also, the whole thing reeks of a plain ol' hoax to me.

Blaze · December 15, 2010, 06:37:36 PM

But wouldn't it be awesome if it was real? :)

I stand for awesome!

iago · December 15, 2010, 07:39:59 PM

Quote from: Blaze on December 15, 2010, 06:37:36 PM
But wouldn't it be awesome if it was real? :)

I stand for awesome!

Agreed! I even retweeted that sentiment, "Dear Santa: All I want for christmas is for the rumors that the FBI just got caught backdooring open source software to be true."

Joe · December 15, 2010, 07:43:21 PM

Quote from: iago on December 15, 2010, 06:18:49 PM
You seem to be implying that an opensource developer can't be a cryptographic expert. I submit that the people who wrote OpenBSD's crypto routines are crypto experts.

Also, the whole thing reeks of a plain ol' hoax to me.

I think he was implying that the same cryptographers who are conspiring with the FBI are those who wrote OpenBSD's cryptography stuffs.

iago · December 15, 2010, 10:13:51 PM

Quote from: Joe on December 15, 2010, 07:43:21 PM
Quote from: iago on December 15, 2010, 06:18:49 PM
You seem to be implying that an opensource developer can't be a cryptographic expert. I submit that the people who wrote OpenBSD's crypto routines are crypto experts.

Also, the whole thing reeks of a plain ol' hoax to me.

I think he was implying that the same cryptographers who are conspiring with the FBI are those who wrote OpenBSD's cryptography stuffs.

Not in the post I was responding to. :P

nslay · December 16, 2010, 01:06:47 AM

Quote from: iago on December 15, 2010, 06:18:49 PM
You seem to be implying that an opensource developer can't be a cryptographic expert. I submit that the people who wrote OpenBSD's crypto routines are crypto experts.

Also, the whole thing reeks of a plain ol' hoax to me.

No, I'm implying that open source developers are likely not cryptography researchers and hence do not participate in this secretive community. That's why it's conceivable that a government contractor that is privy to secret research could implement algorithms that produce weak results that are otherwise considered strong.

A lot of these developers just open a text book or read a (public) paper and implement a documented algorithm.

nslay · December 16, 2010, 01:29:58 AM

This CNET article alleges that a security researcher was responsible for the backdoor (someone who is privy to secret research).

As I understand it, the cryptography community finds weaknesses in cryptoschemes and the resulting research is often kept secret. I think the backdoor is merely a weak algorithm that is considered strong with publicly available information. Then it's conceivable that no auditor noticed.

Clan x86

News:

FBI put backdoor in OpenBSD

nslay

iago

nslay

nslay

iago

Blaze

iago

Joe

iago

nslay

nslay