
OpenBSD backdoor claims: bugs found during code audit - gasull
http://www.itwire.com/opinion-and-analysis/open-sauce/43995-openbsd-backdoor-claims-code-audit-begins
======
po
_If the claims made by Perry are found to be in any way true, then the
project's reputation would take a big hit._

And yet, based on how this is being handled I find myself respecting OpenBSD
even more.

------
tptacek
The discussion for this is mostly here:

<http://news.ycombinator.com/item?id=2014004>

~~~
tedunangst
Err, the bug fixed 8 years doesn't count as one of the two bugs fixed this
week.

[http://marc.info/?l=openbsd-
cvs&m=129245633605693&w=...](http://marc.info/?l=openbsd-
cvs&m=129245633605693&w=2)

[http://marc.info/?l=openbsd-
cvs&m=129245816907800&w=...](http://marc.info/?l=openbsd-
cvs&m=129245816907800&w=2)

~~~
tptacek
Ok. But:

* The former fix is somewhat theoretical. Back around 2003-2004, there was a Bellare paper that proposed an attack on SSH based on its use of "chained IVs", where the IV of packet N is the last ciphertext of packet N-1. This reveals the IV of the next packet to attackers (ciphertext is public) _before_ the packet is encrypted; it is OK for IVs to be public, but not OK for them to be predictable, or else attackers can use a chosen-plaintext attack to make guesses about packet contents. Angelos got rid of this construction back then, and this fix makes the rest of OpenBSD's crypto consistent with the fix. Interesting, but certainly not a crypto backdoor.

* The latter fix isn't a security flaw; they forgot to bump a constant and so a for() loop wouldn't be able to find an item in a list.

~~~
tptacek
Never mind. I wrote the exploit code for that vulnerability. It's awesome.
It's still definitely not a crypto backdoor (it lets you run dictionary
attacks against crypto blocks in a CBC message stream, which is terrible, but
not exactly an FBI-friendly feature addition), but it's not theoretical.

------
there
one of them being:

[http://marc.info/?l=openbsd-
cvs&m=129245633605693&w=...](http://marc.info/?l=openbsd-
cvs&m=129245633605693&w=2)

i'm not sure what the other one is.

------
jey
Pretty weird that they don't link to the emails confirming that bugs were
found.

