FBI Alleged To Have Backdoored OpenBSD's IPSEC Stack

Aggrajag and Mortimer.CA, among others, wrote to inform us that Theo de Raadt has made public an email sent to him by Gregory Perry, who worked on the OpenBSD crypto framework a decade ago. The claim is that the FBI paid contractors to insert backdoors into OpenBSD's IPSEC stack. Mr. Perry is coming forward now that his NDA with the FBI has expired. The code was originally added ten years ago, and over that time has changed quite a bit, "so it is unclear what the true impact of these allegations are" says Mr. de Raadt. He added: "Since we had the first IPSEC stack available for free, large parts of the code are now found in many other projects/products." (Freeswan and Openswan are not based on this code.)

Re:I forget...

[derinax]

No. NeXTSTEP pre-dated NetBSD and FreeBSD. NeXTSTEP was based on BSD Tahoe 4.3, and OS X took code from all three codebases (OS X was NetBSD-heavy in the early days until Jordan Hubbard joined Apple and influenced further conversion to FreeBSD code).

To this day you can find BSD code from all BSD codebases, but not quite as much from OpenBSD. Run 'strings' on the libraries to get the skinny.

Re:But but but

[tomhudson]

The BSD license allows anyone, including Microsoft, to use BSD code.

Some of the files SCO claimed were infringing turned out to be BSD code, and as such, entirely okay (SCO couldn't claim rights to BSD code because of the Regents of the U of C vs AT&T case).

-- Barbie

Denial by Scott Lowe

[molo]

The original message claimed Scott Lowe was on the FBI payroll:

for example Scott Lowe is a well
respected author in virtualization circles who also happens top be on
the FBI payroll, and who has also recently published several tutorials
for the use of OpenBSD VMs in enterprise VMware vSphere deployments.

In response, Scott Lowe has denied any affiliation with the FBI or other government agency.

-molo

Re:But but but

[Charliemopps]

Actually no, I was referring to the fact that the NSA helped in the development of Windows XP, Vista and 7... all publicly. It's not even a secret. They were also involved privately in 95 and 98.

Is Google really that hard to use?
http://www.computerworld.com/s/article/9141105/NSA_helped_with_Windows_7_development

"Working in partnership with Microsoft and elements of the Department of Defense, NSA leveraged our unique expertise and operational knowledge of system threats and vulnerabilities to enhance Microsoft's operating system security guide without constraining the user to perform their everyday tasks, whether those tasks are being performed in the public or private sector," Richard Schaeffer, the NSA's information assurance director, told the Senate's Subcommittee on Terrorism and Homeland Security yesterday as part of a prepared statement.

Re:But but but

[recoiledsnake]

http://www.openbsd.org/reprints/article_20000419.html

"The recent incident of "backdoors" in Microsoft software is indicative of a fundamental problem that electronic commerce will need to address very soon," Jerry Harold, president & co-founder of NetSec [...] Even if Microsoft has stringent internal requirements for software assurance, it's very difficult to catch a backdoor that may be hidden by a single coder deep inside hundreds of thousands of lines of code," said Harold
"This is why NetSec builds its products on an operating system (OpenBSD) that has made security its number one goal," Harold told SOURCES. "The source for the operating system was re-built from the ground up for security and is publicly available. As a result, it is continuously subjected to rigorous security review by independent software engineers around the world. This has additional benefits because secure code often tends to be well designed, stable, and efficient."

(A) Scott Lowe denies the charge

[LinuxScribe]

I interviewed Scott Lowe this evening for ITworld and he denies the allegations. Asked why Perry made his charge, Lowe speculated that Perry may have meant another Scott Lowe.

BKP

Re:So Sycraft-fu

[TarPitt]

Not that this has ever happened before, mind you:

Zug, Switzerland. For four decades, the Swiss flag that flies in front of Crypto AG has lured customers from around the world to this company in the lake dis- [words missing] most sensitive diplomatic and military communications value Switzerland's reputation for business secrecy and political neutrality. Some 120 nations have bought their encryption machines here.

But behind that flag, America's National Security Agency hid what may be the intelligence sting of the century. For years, NSA secretly rigged Crypto AG machines so that U.S. eavesdroppers could easily break their codes, according to former company employees whose story is supported by company documents.

The Baltimore Sun, About December 4, 1995, pp. 9-11.

as found in Cryptome

Doctorate level math skills not needed ...

[perpenso]

99.99% of code can be cleaned by talented enough audit freaks. Crypto code is in the other 0.01%. Proper cryptography development requires doctorate level mathematics skills.

Such math skills are needed to develop the algorithms but not to implement a provided algorithm or to verify the coded implementation.

Re:Many eyes make bugs / backdoors shallow

[inca34]

OpenBSD IPSEC audit effort http://pohl.ececs.uc.edu/opendoku/doku.php?id=start

Re:Many eyes make bugs / backdoors shallow

[inca34]

It seems that link may have been /.ed. They are doing precisely as you say.

Here is a dump of the information, last I had it.

IRC: irc.freenode.net #openbsd
Twitter: OpenBSDGate

The etherpad (most detailed and up to date):
OPENBSD IPSEC STACK VERIFICATION

Original Email:

http://marc.info/?l=openbsd-tech&m=129236621626462&w=2

The code:

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ipsec_input.c
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ipsec_output.c

Misc:

What other software includes the OpenBSD IPSEC implementation?

Not Linux:
Triaging Linux; git clone git://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git
Initial commit 6c55c29fa, Oct 2002, Alexey Kuznetsov
Does not appear to be derived from the above? (checking strings from ipsec_input.c version 1.54.2.3, Oct 2002). Neither copyright information nor comment strings match. Linux's IPSec implementation looks original.
'git log -p --grep=IPSEC' on the above clone shows complete history for the period.

Communications:
IRC: irc.freenode.net #openbsd
Twitter: OpenBSDGate
PublicPad (this document); http://piratenpad.de/condition-beige

Press:

http://blogs.forbes.com/taylorbuley/2010/12/14/fbi-accusedipsec-of-decade-old-cryptography-code-conspiracy/
http://bsd.slashdot.org/story/10/12/15/004235/FBI-Alleged-To-Have-Backd

We have never allowed US citizens or foreign citizens working in the US
to hack on crypto code (Niels Provos used to make trips to Canada to
develop OpenSSH for this reason), so direct interference in the crypto
code is unlikely. It would also be fairly obvious - the crypto code
works as pretty basic block transform API, and there aren't many places
where one could smuggle key bytes out. We always used arcrandom() for
generating random numbers when we needed them, so deliberate biases of
key material, etc would be quite visible.
oored-OpenBSDs-IPSEC-Stack
http://www.reddit.com/r/programming/comments/elw0x/allegations_regarding_openbsd_ipsec_fbi_backdoors/
http://www.metafilter.com/98547/Subject-Allegations-regarding-OpenBSD-IPSEC

Docs:

http://web.archive.org/web/20000621015208/www.netsec.net/gsa.html
https://www.gsaadvantage.gov/ref_text/GS35F0040K/GS35F0040K_online.htm
http://web.archive.org/web/19980101000000-20040101235959*sh_re_sr_1nr_30/http://www.netsec.net/*
http://web.archive.org/web/20000816024729/www.netsec.net/ltr_doj.html

Source Contributors:
Jason: http://www.linkedin.com/in/jasonwright

Possibility #1: (eldragon)
http://www.openbsd.org/cgi-bin/cvs