The founder of the OpenBSD project said he believes a firm was “probably contracted” by the government to write backdoors in the OpenBSD Cryptographic Framework (OCF).
The statement was made Dec. 21 by OpenBSD founder Theo de Raadt on the project’s mailing list in response to the ongoing discussion about allegations aired in an e-mail to de Raadt from former NetSec CTO Gregory Perry. In the e-mail, Perry claimed that roughly a decade ago, the FBI had developers plant backdoors and side-channel key leaks in OCF.
“I believe that NETSEC [sic] was probably contracted to write backdoors as alleged,” de Raadt wrote. “If those were written, I don’t believe they made it into our tree. They might have been deployed as their own product.”
During the past week, some have criticized Perry’s claims, and two people named in his initial e-mail have denied any involvement in the alleged plot. One of them, Jason Wright, noted in a message to the OpenBSD mailing list that the code he touched related “mostly to device drivers to support the framework.”
“I don’t believe I ever touched isakmpd or photurisd (userland key management programs), and I rarely touched the ipsec internals (cryptodev and cryptosoft, yes),” Wright wrote Dec. 15.
Perry, now CEO of GoVirtual Education, told eWEEK in an e-mail Dec. 15 that he stood by his allegations.
“The FBI has been doing this for quite some time now, they have intentionally weakened the United States’ critical infrastructure for purposes of domestic and international surveillance,” Perry wrote. “God only knows what they are up to these days with their newfound legislative powers.”
In his e-mail to de Raadt, Perry alleged the FBI “implemented a number of backdoors and side channel key leaking mechanisms into the OCF, for the express purpose of monitoring the site to site VPN encryption system implemented by EOUSA [Executive Office for United States Attorneys], the parent organization to the FBI.”
According to de Raadt, both Wright and developer Angelos Keromytis worked at NetSec, which has since been acquired by Verizon, and wrote code in “many areas we all rely on.”
“After Jason left, Angelos (who had been working on the ipsec stack already for 4 years or so, for he was the ARCHITECT and primary developer of the IPSEC stack) accepted a contract at NETSEC and while travelling around the world) wrote the crypto layer that permits our ipsec stack to hand-off requests to the drivers that Jason worked on,” he wrote. “That crypto layer contained the…insecure idea of half-IV that the US govt was pushing at that time.”
“Soon after his contract was over this was ripped out,” de Raadt continued. “Soon after this the CBC oracle problem became known as well in published papers, and ipsec/crypto moved towards random IV generation (probably not viable before this, since we had lacked a high-quality speedy PRNG… arc4random). I do not believe that either of these two problems, or other problems not yet spotted, are a result of clear malice. So far the issues we are digging up are a function of the time in history.”