No FBI backdoors found in OpenBSD
Lead developer OpenBSD, Canadian programmer and hacker Theo de Raadt (Theo de Raadt) recovered the events of a decade ago , when the IPSec encryption protocol stack was created. He names the two main stack developers (as it turned out now, they executed orders for the FBI) and writes that the code they have written is still used in key modules of the system and not only in IPSec.
During this week, project participants checked part of the code and found some pretty serious bugs that look like unintentional ones. These holes were closed many years ago, although these facts were not publicized. No other holes that could be backdoors were found.
On the one hand, only a small part of the code was checked. On the other hand, there is reason to believe that there are no backdoors at all. The trial continues.
Tao de Raadt admits that the two above-mentioned authoritative developers wrote backdoors for the FBI's request, but surely for other projects, not for OpenBSD, it is simply impossible to allow them to participate in such a conspiracy therapist. Tao de Raadt does not believe that backdoors ever once were in OpenBSD code.
')
Either way, the audit was a good exam for the OpenBSD community.
We remind you that on December 12, Theo received a letter from Gregory Perry, the former technical director of NETSEC, who organized the cooperation of NETSEC and OpenBSD ten years ago.
The NETSEC organization sponsored OpenBSD and also helped develop key encryption protocols that are part of the IPSec stack. Since 2000, this free stack of protocols has been stretched across many projects and is now used everywhere.
Perry admitted to collaborating with the FBI: he was a consultant at the FBI-based cryptographic project GSA Technical Support Center, engaged in reverse engineering of crypto modules and introducing backdoors into smart cards and other devices.
Perry claims that his FBI non-disclosure agreement expired, so he can admit: in 1999-2001, his former employer received money from the FBI and implemented backdoors into the OpenBSD Cryptographic Framework (OCF) code to monitor VPN connections.
The author of the backdoor code is Jason Wright, which is easy to check if you audit all the code sent to them.
According to Gregory Perry, it is thanks to the availability of backdoors that OpenBSD is now the recommended system for VPN and firewalls in various virtual machines. For example, Scott Lowe (Scott Lowe), in the past one of the FBI experts, recently published a series of instructions on the use of OpenBSD virtual machines in VMware vSphere enterprise systems.
On December 14, Tao decided to publish the letter in open access and commented that he did not participate in this conspiracy and anyone can audit the code on their own.
The discussion on this topic continues on the openbsd-tech mailing list.
During this week, project participants checked part of the code and found some pretty serious bugs that look like unintentional ones. These holes were closed many years ago, although these facts were not publicized. No other holes that could be backdoors were found.
On the one hand, only a small part of the code was checked. On the other hand, there is reason to believe that there are no backdoors at all. The trial continues.
Tao de Raadt admits that the two above-mentioned authoritative developers wrote backdoors for the FBI's request, but surely for other projects, not for OpenBSD, it is simply impossible to allow them to participate in such a conspiracy therapist. Tao de Raadt does not believe that backdoors ever once were in OpenBSD code.
')
Either way, the audit was a good exam for the OpenBSD community.
We remind you that on December 12, Theo received a letter from Gregory Perry, the former technical director of NETSEC, who organized the cooperation of NETSEC and OpenBSD ten years ago.
The NETSEC organization sponsored OpenBSD and also helped develop key encryption protocols that are part of the IPSec stack. Since 2000, this free stack of protocols has been stretched across many projects and is now used everywhere.
Perry admitted to collaborating with the FBI: he was a consultant at the FBI-based cryptographic project GSA Technical Support Center, engaged in reverse engineering of crypto modules and introducing backdoors into smart cards and other devices.
Perry claims that his FBI non-disclosure agreement expired, so he can admit: in 1999-2001, his former employer received money from the FBI and implemented backdoors into the OpenBSD Cryptographic Framework (OCF) code to monitor VPN connections.
The author of the backdoor code is Jason Wright, which is easy to check if you audit all the code sent to them.
According to Gregory Perry, it is thanks to the availability of backdoors that OpenBSD is now the recommended system for VPN and firewalls in various virtual machines. For example, Scott Lowe (Scott Lowe), in the past one of the FBI experts, recently published a series of instructions on the use of OpenBSD virtual machines in VMware vSphere enterprise systems.
On December 14, Tao decided to publish the letter in open access and commented that he did not participate in this conspiracy and anyone can audit the code on their own.
The discussion on this topic continues on the openbsd-tech mailing list.
Source: https://habr.com/ru/post/110620/
All Articles