Slashdot Mirror


De Raadt Doubts Alleged Backdoors Made It Into OpenBSD

itwbennett writes "In follow-up to last week's controversy over allegations that the FBI installed a number of back doors into the encryption software used by the OpenBSD operating system, OpenBSD lead developer Theo de Raadt said on a discussion list Tuesday that he believes that a government contracting firm that contributed code to his project 'was probably contracted to write backdoors,' which would grant secret access to encrypted communications, but that he doesn't think that any of this software made it into the OpenBSD code base."

5 of 136 comments

  1. Re:Audit necessary by CAPSLOCK2000 · · Score: 5, Informative

    Even with a thorough audit you will never be sure. That's the beauty of these kinds of accusations: no matter what you do, you can never be 100% sure.
    OpenBSD is among the best audited code in the world. People have been looking for this backdoor specifically for an entire week and nothing fishy has been found yet.

  2. Link to the ACTUAL FREAKING POST by brunes69 · · Score: 4, Informative

    Since the useless summary did not include one

    http://marc.info/?l=openbsd-tech&m=129296046123471&w=2

  3. Link directly to Theo's post by martyros · · Score: 4, Informative

    A link to Theo's post on the subject is much more informative.

    Highlights:

    • Two of the guys named in the original allegation did work on the security stack, but
    • Almost certainly didn't check in any malicious code, and
    • "wrote much code in many areas that we all rely on. Daily. Outside the ipsec stack."

    Also:

    I believe that NETSEC was probably contracted to write backdoors as alleged. If those were written, I don't believe they made it into our tree. They might have been deployed as their own product.

    --

    TCP: Why the Internet is full of SYN.

  4. Re:Audit necessary by milonssecretsn · · Score: 5, Informative

    OpenBSD does have an ongoing code audit

    Perhaps not as thorough as you were suggesting. However, I think for others who are not familiar with OpenBSD's ongoing code audit, the above link will be essential for fully understanding these stories.

    --
    Hey, I was only kidding. You don't have to MOD me "Troll" . . . again . . . .

  5. Yes, you are right... by PaulBu · · Score: 4, Informative

    "Reflections on trusting trust", by Ken Thompson:

    http://cm.bell-labs.com/who/ken/trust.html

    Paul B.