[cryptography] Gregory Perry's follow-up to the FBI OpenBSD / OCF backdoors thread (was: Fwd: [gsc] Fwd: OpenBSD IPSEC backdoor(s))

Marsh Ray marsh at extendedsubset.com
Mon Jan 16 00:04:00 EST 2012

On 01/15/2012 07:18 PM, Jonathan Thornburg wrote:
> On Sat, 14 Jan 2012, Alfonso De Gregorio wrote:
>> Back in December 2010, we discussed the OpenBSD IPSec backdoor allegations.
>> Two days ago, Cryptome.org published the Gregory Perry's follow-up to
>> the this story.
>> FBI OpenBSD Backdoors and RSA Cipher Vulnerability
>> http://cryptome.org/2012/01/0032.htm
> I'm struck by the lack of any detailed information here about just what
> constituted(-es?) the "FBI OpenBSD Backdoors".  I'd be much more impressed
> if the claim were more along the lines of "take a close look at
> /usr/src/sys/foo/bar/baz.c near line 1400 and you might be surprised".

I did look into it when the first round of allegations were made. Sure, 
there was a bug or two in the IPsec code back then. It's been pretty 
thoroughly discussed on this list already. But I don't care to repeat 
that, but it's http://extendedsubset.com/?p=41 if you're interested.

The latest bit about "at least one mathematical vulnerability in the RSA 
encryption algorithm related to changing the base numbering system of 
the resulting RSA modulus after a block of plaintext had been encrypted" 
doesn't make sense to me.

The "RSA modulus" (n = pq) doesn't "result from" or change after an 
encryption operation.

Whereas the "modulus resulting" (i.e., the remainder) from the 
encryption operation (c = m^e mod n) seems (at first glance) less 
interesting to the chosen-plaintext attacker. That modulo operation 
serves to protect m and keep the computations reasonable, not to protect 
the private key, right?

- Marsh

More information about the cryptography mailing list