[cryptography] Fwd: [gsc] Fwd: OpenBSD IPSEC backdoor(s)

Jon Callas jon at callas.org
Wed Dec 15 03:31:46 EST 2010


Me, I figure that extraordinary claims require a smidgen of actual evidence.

It's really easy to say that a decade ago, system foo had back doors snuck in it. But -- what were the back doors? A bum random number generator? Keygen that made RSA keys with a known, fixed prime? What?

My view is that if the claim is merely for back doors without saying what they are, there's an obvious reason for that -- if you said that there's flaw X which was in module M.c on lines 23-137, someone could actually go look at M.c and see what they are. But this way, the slur has been made in a way that is impossible to discuss. I think evidence is called for, or failing that, and actual description of the flaw.

	Jon




More information about the cryptography mailing list