Allegations suggest OpenBSD has US crypto backdoor

OpenBSD is the poster boy of secure operating systems, which is why it was an enormous surprise when allegations were leveled yesterday that the FBI had planted backdoors in the source code for OpenBSD as far back as 2000.

Gregory Perry a former CTO at NETSEC which funded some OpenBSD development during the time in question sent an email to OpenBSD founder Theo de Raadt suggesting that the FBI planted programmers in the project to embed backdoors and side channel key leaking mechanisms into the IPSec implementation.

His accusations specifically implicate Jason Wright and Scott Lowe, both of whom were involved in security development work around that time. Scott Lowe has published a blog denying any involvement saying quite pointedly:

“Quite simply, it wasn’t me.” – Scott Lowe

Jason Wright also responded on the OpenBSD-tech mailing list with his own take:

“So, keep my name out of the rumor mill. It is a baseless accusation the reason for which I cannot understand.” – Jason Wright

Side channel attacks require access in some manner to devices used in the encryption process or access to the data being transmitted. Normally this would make it difficult to compromise a random private VPN connection without compromising a data center or ISPs network routing.

So why would the FBI embed these bugs? According to Perry they wanted to spy on their parent organization the Executive Office for United States Attorneys (EOUSA). If the FBI were trying to spy on their parents that may have some serious legal implications if this isn’t simply a baseless rumor.

In a statement to Robert McMillan, Perry said he didn’t intend for his letter to become public, but stands by his original assertions.

The OpenBSD team is discussing what they should do about the claims. Auditing source code from 10 years ago for something that might be difficult to detect to start with is a daunting task. Most people on the mailing list believe it is some sort of stunt for publicity and has no legs.

The OpenBSD discussion list has remained very civil, and I am sure they will determine a method to reassure everyone that their IPSec can be trusted. Some folks have had some slightly rude things to say about Gregory Perry, but fortunately it has not devolved into a flame war.
Unfortunately it may prove difficult, if not impossible, to either confirm or deny the allegations. This does go to show however that the implementation of a security solution and those behind implementing it are essential to its proper function.

Simply declaring a product to have used “AES-256” or “IPSec” doesn’t tell you anything about whether it was securely implemented, or whether it may have been booby-trapped. In January of 2010 we blogged about encrypted USB drives being compromised because of a poorly designed software package, another example of why implementation can be even more important than technology.

Blowfish image courtesy of