Alleged backdoor in OpenBSD's IPSEC implementation.
http://thread.gmane.org/gmane.os.openbsd.tech/22557 This appears to be some serious FUD, but if true could have some serious implications for IPSEC stacks in all kinds of equipment. -wil
On Tue, Dec 14, 2010 at 9:17 PM, Wil Schultz <wschultz@bsdboy.com> wrote:
http://thread.gmane.org/gmane.os.openbsd.tech/22557
This appears to be some serious FUD, but if true could have some serious implications for IPSEC stacks in all kinds of equipment.
-wil
Does anyone remember the last time a law enforcement agency had someone sign a 10 year NDA on a backdoor? "Oh, times up, I can post it on Facebook now. Cool."
On Tue, Dec 14, 2010 at 09:39:02PM -0800, Chaim Rieger said:
Does anyone remember the last time a law enforcement agency had someone sign a 10 year NDA on a backdoor?
"Oh, times up, I can post it on Facebook now. Cool."
22:42 <@smartboy> curious what the guy's motives really are. pretty sure the NDA expiration on putting a backdoor into software for the FBI would be "when you're dead" 22:42 <@smartboy> or "when you'd like to be dead" /kc -- Ken Chase - ken@heavycomputing.ca - +1 416 897 6284 - Toronto CANADA Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.
On Dec 14, 2010, at 9:56 PM, Ken Chase wrote:
On Tue, Dec 14, 2010 at 09:39:02PM -0800, Chaim Rieger said:
Does anyone remember the last time a law enforcement agency had someone sign a 10 year NDA on a backdoor?
"Oh, times up, I can post it on Facebook now. Cool."
22:42 <@smartboy> curious what the guy's motives really are. pretty sure the NDA expiration on putting a backdoor into software for the FBI would be "when you're dead" 22:42 <@smartboy> or "when you'd like to be dead"
Someone is confusing FBI with NSA, methinks. And yes, if this is the kind of thing not talked about, "NDA"s expire when you do. But seriously ... this would seem to be the kind of code that Smart People should be doing security audits on Just Because. So rustle up a couple of PostDocs, and give them an idea for a Thesis, and yer set. Aloha, Michael. -- "Please have your Internet License http://kapu.net/~mjwise/ and Usenet Registration handy..."
On Tue, Dec 14, 2010 at 11:51:24PM -0800, Michael J Wise wrote:
On Dec 14, 2010, at 9:56 PM, Ken Chase wrote:
On Tue, Dec 14, 2010 at 09:39:02PM -0800, Chaim Rieger said:
Does anyone remember the last time a law enforcement agency had someone sign a 10 year NDA on a backdoor?
"Oh, times up, I can post it on Facebook now. Cool."
22:42 <@smartboy> curious what the guy's motives really are. pretty sure the NDA expiration on putting a backdoor into software for the FBI would be "when you're dead" 22:42 <@smartboy> or "when you'd like to be dead"
Someone is confusing FBI with NSA, methinks. And yes, if this is the kind of thing not talked about, "NDA"s expire when you do. But seriously ... this would seem to be the kind of code that Smart People should be doing security audits on Just Because.
So rustle up a couple of PostDocs, and give them an idea for a Thesis, and yer set.
More to the point, I think it wouldn't be an NDA, but a security classification on the knowledge of the backdoors, and probably one not subject to automatic downgrading. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin
-----Original Message----- From: mikea [mailto:mikea@mikea.ath.cx] Sent: Wednesday, December 15, 2010 8:28 AM To: nanog@nanog.org Subject: Re: Alleged backdoor in OpenBSD's IPSEC implementation.
Someone is confusing FBI with NSA, methinks. And yes, if this is the kind of thing not talked about, "NDA"s expire when you do. But seriously ... this would seem to be the kind of code that Smart
People
should be doing security audits on Just Because.
So rustle up a couple of PostDocs, and give them an idea for a Thesis, and yer set.
More to the point, I think it wouldn't be an NDA, but a security classification on the knowledge of the backdoors, and probably one not subject to automatic downgrading.
Please pardon my ignorance on the matter as I am not involved in any way with Open Source development, but it stands to reason that anything of this sort would have been scrutinized by the many developers involved with OpenBSD and surely would have been discovered at some point. And to further that point, is this not something that can be verified now if this code is still in the public domain? Or is writing a crypto stack such an esoteric task that only a relegated few can possibly decipher the inner workings? Not that I don't love a good government conspiracy theory, and yes I do believe there are a fair amount of backdoors in most code (including that of many private and publicly held corporations)... but open source? Just seems unlikely to me based on my limited understanding... Stefan
On Wed, Dec 15, 2010 at 12:00:56PM -0500, Stefan Fouant wrote:
-----Original Message----- From: mikea [mailto:mikea@mikea.ath.cx] Sent: Wednesday, December 15, 2010 8:28 AM To: nanog@nanog.org Subject: Re: Alleged backdoor in OpenBSD's IPSEC implementation.
Someone is confusing FBI with NSA, methinks. And yes, if this is the kind of thing not talked about, "NDA"s expire when you do. But seriously ... this would seem to be the kind of code that Smart
People
should be doing security audits on Just Because.
So rustle up a couple of PostDocs, and give them an idea for a Thesis, and yer set.
More to the point, I think it wouldn't be an NDA, but a security classification on the knowledge of the backdoors, and probably one not subject to automatic downgrading.
Please pardon my ignorance on the matter as I am not involved in any way with Open Source development, but it stands to reason that anything of this sort would have been scrutinized by the many developers involved with OpenBSD and surely would have been discovered at some point. And to further that point, is this not something that can be verified now if this code is still in the public domain? Or is writing a crypto stack such an esoteric task that only a relegated few can possibly decipher the inner workings?
Not that I don't love a good government conspiracy theory, and yes I do believe there are a fair amount of backdoors in most code (including that of many private and publicly held corporations)... but open source? Just seems unlikely to me based on my limited understanding...
In sober honesty, I doubt that there are any backdoors in any *BSD crypto stack that is really open source -- modulo the issues set out in "On trusting trust". But while I doubt it, that doesn't mean that I'm certain there are none. At this point, a real Conspiracy Theorist (TM) would ramble on about how all the *BSD crypto stack folks either were co-opted by the NSA or were under threat of death or worse if they talked. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin
On Wed, Dec 15, 2010 at 9:00 AM, Stefan Fouant < sfouant@shortestpathfirst.net> wrote:
-----Original Message----- From: mikea [mailto:mikea@mikea.ath.cx] Sent: Wednesday, December 15, 2010 8:28 AM To: nanog@nanog.org Subject: Re: Alleged backdoor in OpenBSD's IPSEC implementation.
Someone is confusing FBI with NSA, methinks. And yes, if this is the kind of thing not talked about, "NDA"s expire when you do. But seriously ... this would seem to be the kind of code that Smart
People
should be doing security audits on Just Because.
So rustle up a couple of PostDocs, and give them an idea for a Thesis, and yer set.
More to the point, I think it wouldn't be an NDA, but a security classification on the knowledge of the backdoors, and probably one not subject to automatic downgrading.
Please pardon my ignorance on the matter as I am not involved in any way with Open Source development, but it stands to reason that anything of this sort would have been scrutinized by the many developers involved with OpenBSD and surely would have been discovered at some point. And to further that point, is this not something that can be verified now if this code is still in the public domain? Or is writing a crypto stack such an esoteric task that only a relegated few can possibly decipher the inner workings?
Not that I don't love a good government conspiracy theory, and yes I do believe there are a fair amount of backdoors in most code (including that of many private and publicly held corporations)... but open source? Just seems unlikely to me based on my limited understanding...
Stefan
Stefan, I wouldn't want to debate whether or not this specific theoretical "back door" exists (since it seems to be less than marginally credible at this point,) but it is more plausible than you might think. I believe that most of us a fairly static situation that we think of when we hear "back door" as it pertains to technology and software. This, however, is an alleged "back door" (though perhaps describing it as a weakness is less likely to elicit tin-foil-hat-type predictions) in the crypto. There are tons of brilliant developers in the open source *and* commercial community that could spot a back door in the *code* in a heartbeat. The alleged weakness here, however, is far more likely to be a mathematical weakness in the actual crypo algorithms which wouldn't stand out to most developers - even the top-end folks. Ultimately, it will probably come down to crypto-nerds and mathematicians to verify the algorithms that were used rather than just putting great programming eyes on the code. Such things have happened before, though with much less fanfare to the general community. For example: http://www.schneier.com/blog/archives/2007/11/the_strange_sto.html // Ben S.
On 12/15/2010 at 9:17 AM Ben wrote: |On Wed, Dec 15, 2010 at 9:00 AM, Stefan Fouant < |sfouant@shortestpathfirst.net> wrote: | |> > -----Original Message----- |> > From: mikea [mailto:mikea@mikea.ath.cx] |> > Sent: Wednesday, December 15, 2010 8:28 AM |> > To: nanog@nanog.org |> > Subject: Re: Alleged backdoor in OpenBSD's IPSEC implementation. [snip] ============= Another relevant comment from the OpenBSD tech mailing list: http://www.marc.info/?l=openbsd-tech&m=129237675106730&w=2
On Wed, Dec 15, 2010 at 10:20 AM, Mike. <the.lists@mgm51.com> wrote:
On 12/15/2010 at 9:17 AM Ben wrote:
|On Wed, Dec 15, 2010 at 9:00 AM, Stefan Fouant < |sfouant@shortestpathfirst.net> wrote: | |> > -----Original Message----- |> > From: mikea [mailto:mikea@mikea.ath.cx] |> > Sent: Wednesday, December 15, 2010 8:28 AM |> > To: nanog@nanog.org |> > Subject: Re: Alleged backdoor in OpenBSD's IPSEC implementation. [snip] =============
Another relevant comment from the OpenBSD tech mailing list:
Also, the original sender of the email confirms he sent it. Also mentions PF as a target in the follow-up. http://blogs.csoonline.com/1296/an_fbi_backdoor_in_openbsd Anyone know the trustworthy-ness of 'csoonline'? -Bryan
On 12/15/2010 at 10:25 AM Bryan Irvine wrote: |On Wed, Dec 15, 2010 at 10:20 AM, Mike. <the.lists@mgm51.com> wrote: |> |> On 12/15/2010 at 9:17 AM Ben wrote: |> |> |On Wed, Dec 15, 2010 at 9:00 AM, Stefan Fouant < |> |sfouant@shortestpathfirst.net> wrote: |> | |> |> > -----Original Message----- |> |> > From: mikea [mailto:mikea@mikea.ath.cx] |> |> > Sent: Wednesday, December 15, 2010 8:28 AM |> |> > To: nanog@nanog.org |> |> > Subject: Re: Alleged backdoor in OpenBSD's IPSEC implementation. |> [snip] |> ============= |> |> |> Another relevant comment from the OpenBSD tech mailing list: |> |> |> http://www.marc.info/?l=openbsd-tech&m=129237675106730&w=2 | |Also, the original sender of the email confirms he sent it. Also |mentions PF as a target in the follow-up. | |http://blogs.csoonline.com/1296/an_fbi_backdoor_in_openbsd | |Anyone know the trustworthy-ness of 'csoonline'? ============= Someone's putting up a bounty ... http://maycontaintracesofbolts.blogspot.com/2010/12/openbsd-ipsec-backdo or-allegations.html
-----Original Message----- From: Mike. [mailto:the.lists@mgm51.com] Sent: Wednesday, December 15, 2010 3:29 PM To: nanog@nanog.org Subject: Re: Alleged backdoor in OpenBSD's IPSEC implementation.
On 12/15/2010 at 10:25 AM Bryan Irvine wrote: | |Anyone know the trustworthy-ness of 'csoonline'? =============
Someone's putting up a bounty ...
http://maycontaintracesofbolts.blogspot.com/2010/12/openbsd-ipsec- backdo or-allegations.html
I might just be me, but a few hundred bucks just doesn't seem like enough to warrant potentially receiving a visit from the men in black... Stefan
More to the point, I think it wouldn't be an NDA, but a security classification on the knowledge of the backdoors, and probably one not subject to automatic downgrading.
Please pardon my ignorance on the matter as I am not involved in any way with Open Source development, but it stands to reason that anything of this sort would have been scrutinized by the many developers involved with OpenBSD and surely would have been discovered at some point. And to further that point, is this not something that can be verified now if this code is still in the public domain? Or is writing a crypto stack such an esoteric task that only a relegated few can possibly decipher the inner workings?
See Ken Thompson's classic paper "Reflections on trusting trust", http://en.wikipedia.org/wiki/Backdoor_(computing)#Reflections_on_Trusting_Tr... http://cm.bell-labs.com/who/ken/trust.html
Not that I don't love a good government conspiracy theory, and yes I do believe there are a fair amount of backdoors in most code (including that of many private and publicly held corporations)... but open source? Just seems unlikely to me based on my limited understanding...
The world is not that simple. Steinar Haug, Nethelp consulting, sthaug@nethelp.no
update.. hoax it appears. http://www.itworld.com/open-source/130820/openbsdfbi-allegations-denied-name... -- This message and any attachments may contain confidential and/or privileged information for the sole use of the intended recipient. Any review or distribution by anyone other than the person for whom it was originally intended is strictly prohibited. If you have received this message in error, please contact the sender and delete all copies. Opinions, conclusions or other information contained in this message may not be that of the organization.
On Wed, Dec 15, 2010 at 7:28 AM, mikea <mikea@mikea.ath.cx> wrote:
More to the point, I think it wouldn't be an NDA, but a security classification on the knowledge of the backdoors, and probably one not subject to automatic downgrading.
Someone working on a classified project or having access to classified info would be signing a lot more than an NDA. Which leads me to the conclusion Perry probably did not have access to classified info; a gov't backdoor planted in OpenBSD would probably be classified, so Perry was more likely than not, either in error or exagerating. If Perry really is risking making authorities frustrated for revealing that they have a backdoor, then it does not help the community much for him to withold the minimal amount of info required to verify the claims. For now it smells of FUD, because the claims are too vague, unsupported, and the extent of what Perry claims to have witnessed has not been explained. An example of Perry being in error would be if the company was paid to merely develop a backdoor or side channel, but not actually to plant it in their contributed code. The FBI might have wanted proof of concepts, or backdoored versions of code as "drop in piece" to use for other projects.. for example, insider penetration testing, or surreptitious monitoring by planting the backdoored version on specific targetted systems. Proof of concept code might have gone nowhere. In that case, it would be impossible to find the backdoor by analyzing the OpenBSD source code. Or a backdoor or coding error made by someone else entirely might be discovered instead. Rewriting instead of merely auditing, of course, presents a risk that new backdoors could be introduced by whoever rewrites. Even if a backdoor were developed, Perry posted very little info about exactly what he knows and how he knows it, what was his role in the project. Such as the question of: 'Did he personally check the contributed code and see the backdoor present?' -- -JH
participants (14)
-
'mikea' -
Ben -
Bryan Irvine -
Chaim Rieger -
Eitan Adler -
Greg Whynott -
Jimmy Hess -
Ken Chase -
Michael J Wise -
Mike. -
mikea
-
Stefan Fouant -
sthaug@nethelp.no -
Wil Schultz