[cryptography] Fwd: [gsc] Fwd: OpenBSD IPSEC backdoor(s)

Ian G iang at iang.org
Sat Dec 18 04:08:41 EST 2010


On 18/12/10 7:54 PM, James A. Donald wrote:
> On 2010-12-18 1:39 AM, Alfonso De Gregorio wrote:
>> Along this line, there is, by some years, The Underhanded C Contest,
>> an annual contest to write innocent-looking C code implementing
>> malicious behavior http://underhanded.xcott.com/
>
> Those participating in the underhanded C contest had the considerable
> advantage that the underhanded programmer was allowed to define the task
> and invent the algorithm.
>
> Hence my proposed restriction to interoperation with a good version and
> use of well known algorithms and protocols.


Yeah, I second that.  I was thinking of limiting it to a well known set 
to be backdoored.  E.g., OpenSSL, OpenSSH, IPSec.

iang


PS: But I do agree with Jon.  There is a non-trivial chance that this is 
just those guys futzing with our minds and sending us on a wildgoose 
chase.  Maybe they discovered that wikileaks is using OpenBSD or the 
Iranian centrifuges are about to roll out on it or the Chinese have 
mandated it for all secure stuff ... Hours of fun!



More information about the cryptography mailing list