[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] FBI Added Secret Backdoors to OpenBSD IPSEC

Subject: [ale] FBI Added Secret Backdoors to OpenBSD IPSEC
From: mhw at WittsEnd.com (Michael H. Warfield)
Date: Wed, 15 Dec 2010 17:19:14 -0500
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]>

On Wed, 2010-12-15 at 11:50 -0500, Jerald Sheets wrote:
> It would appear that the plot thickens:
> 
> http://bsd.slashdot.org/story/10/12/15/1524202/BSD-Coder-Denies-Adding-FBI-Backdoor

Some more info here:

http://marc.info/?l=openbsd-tech&m=129237675106730&w=2

They pretty much make it clear that why they feel it could not be in the
crypto code and the reasons why.  Having participated peripherally in
the FreeS/WAN development back then and having the same problems hanging
over my head (no code contributions, not no way, not no how) I can
concur with this assessment.

And more here from Rob McMillan:

http://blogs.csoonline.com/1296/an_fbi_backdoor_in_openbsd

I know from personal experience those guys up in Canada would have never
knowingly accepted any crypto code from US developers back then, period.
It would have tainted their code and subject them to US ITAR export
restrictions thanks to a US Canadian treaty to that effect.  It was why
they based those projects in Canada, to avoid US contamination and US
restrictions.

The followup information from this dude would seem to dance around that
and claim that it's some sort of side-channel thing in the network code
or framework itself.  I don't buy the comments about the side channel
stuff in the OCF since that's exactly the sort of code they could not
import safely.  He was also working on DES/3DES cracking and I seriously
doubt anyone, now days, is using either of those.  Simple DES is not
even supported in Openswan or StrongSWAN.  The key generation and
schedulers in AES is very different that DES.

He also implies that this was related to some sort of fixed key VPN
setup that was supposedly backdoored that was developed for the
Executive Office for United States Attorneys.  It's not clear if this is
the "backdoor" he is referring to or not or if they ever successfully
backdoored any IPsec code.  There seems to be a glaring non-sequitar in
there.

Also note that none of the Linux crypto code is based on the BSD code
with the possible exception of the Racoon code (ipsec-tools in Fedora or
racoon in Ubuntu) which is a port of the code in the KAME project can
could be derived from some of that code.

Follow-Ups:
- [ale] FBI Added Secret Backdoors to OpenBSD IPSEC
  - From: mhw at WittsEnd.com (Michael H. Warfield)

References:
- [ale] FBI Added Secret Backdoors to OpenBSD IPSEC
  - From: krwatson at cc.gatech.edu (Watson, Keith)
- [ale] FBI Added Secret Backdoors to OpenBSD IPSEC
  - From: krwatson at cc.gatech.edu (Watson, Keith)
- [ale] FBI Added Secret Backdoors to OpenBSD IPSEC
  - From: skotchman at gmail.com (Scott Castaline)
- [ale] FBI Added Secret Backdoors to OpenBSD IPSEC
  - From: jim.kinney at gmail.com (Jim Kinney)
- [ale] FBI Added Secret Backdoors to OpenBSD IPSEC
  - From: questy at gmail.com (Jerald Sheets)

Prev by Date: [ale] can't install Wine
Next by Date: [ale] USB on Ubuntu server
Previous by thread: [ale] FBI Added Secret Backdoors to OpenBSD IPSEC
Next by thread: [ale] FBI Added Secret Backdoors to OpenBSD IPSEC
Index(es):
- Date
- Thread