[cryptography] Fwd: [gsc] Fwd: OpenBSD IPSEC backdoor(s)

Marsh Ray marsh at extendedsubset.com
Wed Dec 15 04:23:23 EST 2010

On 12/15/2010 02:31 AM, Jon Callas wrote:
>  But this way,
> the slur has been made in a way that is impossible to discuss. I
> think evidence is called for, or failing that, and actual description
> of the flaw.

Hot off the presses. Haven't yet decided how much this counts for 
information. But he does come closer to naming source files.

- Marsh


> he OCF was a target for side channel key leaking mechanisms, as well
> as pf (the stateful inspection packet filter), in addition to the
> gigabit Ethernet driver stack for the OpenBSD operating system; all
> of those projects NETSEC donated engineers and equipment for,
> including the first revision of the OCF hardware acceleration
> framework based on the HiFN line of crypto accelerators.
> The project involved was the GSA Technical Support Center, a circa
> 1999 joint research and development project between the FBI and the
> NSA; the technologies we developed were Multi Level Security controls
> for case collaboration between the NSA and the FBI due to the Posse
> Commitatus Act, although in reality those controls were only there
> for show as the intended facility did in fact host both FBI and NSA
> in the same building.
> We were tasked with proposing various methods used to reverse
> engineer smart card technologies, including Piranha techniques for
> stripping organic materials from smart cards and other embedded
> systems used for key material storage, so that the gates could be
> analyzed with Scanning Electron and Scanning Tunneling Microscopy.
> We also developed proposals for distributed brute force key cracking
> systems used for DES/3DES cryptanalysis, in addition to other methods
> for side channel leaking and covert backdoors in firmware-based
> systems.  Some of these projects were spun off into other sub
> projects, JTAG analysis components etc.  I left NETSEC in 2000 to
> start another venture, I had some fairly significant concerns with
> many aspects of these projects, and I was the lead architect for the
> site-to-site VPN project developed for Executive Office for United
> States Attorneys, which was a statically keyed VPN system used at
> 235+ US Attorney locations and which later proved to have been
> backdoored by the FBI so that they could recover (potentially) grand
> jury information from various US Attorney sites across the United
> States and abroad.  The person I reported to at EOSUA was Zal Azmi,
> who was later appointed to Chief Information Officer of the FBI by
> George W. Bush, and who was chosen to lead portions of the EOUSA VPN
> project based upon his previous experience with the Marines (prior to
> that, Zal was a mujadeen for Usama bin Laden in their fight against
> the Soviets, he speaks fluent Farsi and worked on various incursions
> with the CIA as a linguist both pre and post 911, prior to his tenure
> at the FBI as CIO and head of the FBI’s Sentinel case management
> system with Lockheed).  After I left NETSEC, I ended up becoming the
> recipient of a FISA-sanctioned investigation, presumably so that I
> would not talk about those various projects; my NDA recently expired
> so I am free to talk about whatever I wish.
> Here is one of the articles I was quoted in from the NY Times that
> touches on the encryption export issue:
> In reality, the Clinton administration was very quietly working
> behind the scenes to embed backdoors in many areas of technology as a
> counter to their supposed relaxation of the Department of Commerce
> encryption export regulations – and this was all pre-911 stuff as
> well, where the walls between the FBI and DoD were very well
> established, at least in theory.

More information about the cryptography mailing list