[cryptography] Gregory Perry's follow-up to the FBI OpenBSD / OCF backdoors thread (was: Fwd: [gsc] Fwd: OpenBSD IPSEC backdoor(s))
marsh at extendedsubset.com
Mon Jan 16 00:04:00 EST 2012
On 01/15/2012 07:18 PM, Jonathan Thornburg wrote:
> On Sat, 14 Jan 2012, Alfonso De Gregorio wrote:
>> Back in December 2010, we discussed the OpenBSD IPSec backdoor allegations.
>> Two days ago, Cryptome.org published Gregory Perry's follow-up to
>> this story.
>> FBI OpenBSD Backdoors and RSA Cipher Vulnerability
> I'm struck by the lack of any detailed information here about just what
> constituted(-es?) the "FBI OpenBSD Backdoors". I'd be much more impressed
> if the claim were more along the lines of "take a close look at
> /usr/src/sys/foo/bar/baz.c near line 1400 and you might be surprised".
I did look into it when the first round of allegations was made. Sure,
there was a bug or two in the IPsec code back then. It's been pretty
thoroughly discussed on this list already. But I don't care to repeat
that, but it's http://extendedsubset.com/?p=41 if you're interested.

The latest bit about "at least one mathematical vulnerability in the RSA
encryption algorithm related to changing the base numbering system of
the resulting RSA modulus after a block of plaintext had been encrypted"
doesn't make sense to me.

The "RSA modulus" (n = pq) doesn't "result from" or change after an

Whereas the "modulus resulting" (i.e., the remainder) from the
encryption operation (c = m^e mod n) seems (at first glance) less
interesting to the chosen-plaintext attacker. That modulo operation
serves to protect m and keep the computations reasonable, not to protect
the private key, right?
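As an added illustration that is not part of the thread: textbook RSA with constructed toy primes 101 and 113, separating the key modulus n = pq (fixed at key generation, unchanged by encrypting or by the radix it is printed in) from the remainder c = m^e mod n. It also goes one step past the message to show why the reduction is what protects m: when m^e is smaller than n, no reduction happens and m falls out of c by an integer e-th root.

```python
# Added example (not from the thread): textbook RSA with toy primes, to keep
# apart the key modulus n = p*q, the remainder c = m^e mod n, and the plaintext m.
from math import gcd

def make_key(p, q, e):
    """Toy RSA key from two primes; the sizes here are for illustration only."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)            # private exponent: e*d == 1 (mod phi)
    return n, e, d

def encrypt(m, n, e):
    return pow(m, e, n)            # c = m^e mod n; n is an input, not an output

def decrypt(c, n, d):
    return pow(c, d, n)

def iroot(x, k):
    """Largest r with r**k <= x (binary search; exact for perfect powers)."""
    lo, hi = 0, 1 << (x.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** k <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo

def same_value_in_any_base(n):
    """Writing n in another radix changes its spelling, not its value."""
    return int(format(n, "x"), 16) == n and int(format(n, "b"), 2) == n

def reduction_hides_m(m, n, e):
    """True when the mod-n reduction actually wrapped, so the e-th root of c
    is not m. False means m**e < n: nothing was reduced and c is m**e in the clear."""
    c = encrypt(m, n, e)
    return iroot(c, e) != m

if __name__ == "__main__":
    n, e, d = make_key(101, 113, 3)    # constructed toy key: n = 11413, d = 7467
    for m in (20, 42):
        c = encrypt(m, n, e)
        print(m, c, decrypt(c, n, d), reduction_hides_m(m, n, e))
    # n is the same value before and after encrypting; only c depends on m.
    print(same_value_in_any_base(n))
```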