The OpenBSD backdoor Allegations

Disclaimer: I do not know any of the parties involved. 

Last weekend, Gregory Perry or someone claiming to be him, sent Theo de Raadt (maintainer of OpenBSD) an explosive email saying that ten years ago the FBI secretly paid some individuals to create “a number of backdoors” in OpenBSD’s crypto framework (OCF). 

The email mentioned two contributors by name and claimed that one of them was still on the FBI payroll.  Since then, both of the named have denied these allegations and brought to question Mr. Perry’s motives, if not sanity. 

Statements here and here.  The first statement offers two filenames to look at.

What are we (the security people) at F5 going to do about it?

We don’t use any of the OCF anywhere (that I know of) at F5, though I’ve admired its architecture from afar.

The beautiful thing about open source is that it is open for anyone to review.  Unless the backdoors were of a nature that is unknown to anyone except the FBI/NSA then anyone could see them, and I’m sure that thousands of paranoid eyes are looking at it right now.

Update: 12/28/2010

Theo has come out with a expanded public statement.  Link here:

http://article.gmane.org/gmane.os.openbsd.tech/22727

 

Published Dec 17, 2010
Version 1.0
us

Was this article helpful?

No CommentsBe the first to comment