[ale] FBI Added Secret Backdoors to OpenBSD IPSEC

Michael H. Warfield mhw at WittsEnd.com
Wed Dec 15 17:19:14 EST 2010 

On Wed, 2010-12-15 at 11:50 -0500, Jerald Sheets wrote:
> It would appear that the plot thickens:
> 
> http://bsd.slashdot.org/story/10/12/15/1524202/BSD-Coder-Denies-Adding-FBI-Backdoor

Some more info here:

http://marc.info/?l=openbsd-tech&m=129237675106730&w=2

They pretty much make it clear that why they feel it could not be in the
crypto code and the reasons why.  Having participated peripherally in
the FreeS/WAN development back then and having the same problems hanging
over my head (no code contributions, not no way, not no how) I can
concur with this assessment.

And more here from Rob McMillan:

http://blogs.csoonline.com/1296/an_fbi_backdoor_in_openbsd

I know from personal experience those guys up in Canada would have never
knowingly accepted any crypto code from US developers back then, period.
It would have tainted their code and subject them to US ITAR export
restrictions thanks to a US Canadian treaty to that effect.  It was why
they based those projects in Canada, to avoid US contamination and US
restrictions.

The followup information from this dude would seem to dance around that
and claim that it's some sort of side-channel thing in the network code
or framework itself.  I don't buy the comments about the side channel
stuff in the OCF since that's exactly the sort of code they could not
import safely.  He was also working on DES/3DES cracking and I seriously
doubt anyone, now days, is using either of those.  Simple DES is not
even supported in Openswan or StrongSWAN.  The key generation and
schedulers in AES is very different that DES.

He also implies that this was related to some sort of fixed key VPN
setup that was supposedly backdoored that was developed for the
Executive Office for United States Attorneys.  It's not clear if this is
the "backdoor" he is referring to or not or if they ever successfully
backdoored any IPsec code.  There seems to be a glaring non-sequitar in
there.

Also note that none of the Linux crypto code is based on the BSD code
with the possible exception of the Racoon code (ipsec-tools in Fedora or
racoon in Ubuntu) which is a port of the code in the KAME project can
could be derived from some of that code.

From his description too, I would say that what ever may or may not have
ever been there, it could well have not survived numerous bug fixes (it
would need to look like a simple coding error) or be applicable in
dynamically key environments such as modern day IPsec/IKE environments.

I'm sure Theo has people going over that code with a nit comb but I
would say hold the conspiracy theories until we hear more from Theo.
He's NOT one to mince words or waste time, as this joker just found out.

I may be surprised and they may turn up something but, so far, it's all
noise and no light.

Mike

> --jms
> 
> 
> On Dec 15, 2010, at 11:40 AM, Jim Kinney wrote:
> 
> > I aim to please. You aim too, please!
> > 
> > On Wed, Dec 15, 2010 at 10:47 AM, Scott Castaline
> <skotchman at gmail.com> wrote:
> > On 12/15/2010 09:34 AM, Watson, Keith wrote:
> > > Sorry for the double post. Apparently I haven't had enough
> caffeine yet.
> > >
> > > keith
> > >
> > That's ok cup #6 for me wound up all over kybd, monitor after
> reading
> > Jim Kinney's reply to the "test" thread.
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
> > 
> > 
> > 
> > -- 
> > -- 
> > James P. Kinney III
> > I would rather stumble along in freedom than walk effortlessly in
> chains.
> > 
> > 
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
> 
> #!/jerald
> Linux User #183003
> Ubuntu User #32648
> Public GPG Key:  http://questy.org/js.asc
> 
> -----BEGIN GEEK CODE BLOCK-----
> Version: 3.1
> GIT/MU d-@ s++(++)>+++:> a+ C++++(+++)$>++ UBLAVHSC++(on)$>++++ P
> ++(+++)$>++++ L++(++++)$>+++ !E---(---)>--- W+(++)$>+++ N(+)$>++ !o !
> K-- w(--)>--- O()@> M++(++)$>++ V()>- PS+++()@>-- PE(++)@>+ Y+(+)@>+
> PGP++(++)$>+++ t+(++)@>+++ 5(+)@>+ X+(++)@>+++ R+(+)@>++ tv-(+)$>++ b
> +++(++)$>++ DI++++(++)>+++ D++(++)@>++ G++(++)@>++ e++(++)$>++ h(-)$>-
> r+++(+++)@>+++ y+(+++)>++++@ 
> ------END GEEK CODE BLOCK------
> 
> 
> 
> 
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20101215/b3e6350e/attachment.bin

More information about the Ale mailing list