Re: [Full-disclosure] OpenBSD Paradox



On Wed, Dec 15, 2010 at 3:22 PM, Theo de Raadt <deraadt@xxxxxxxxxxxxxxx> wrote:
We has OpenBSD tell us:

"We have never allowed US citizens or foreign citizens working in the
US to hack on crypto code"
http://marc.info/?l=3Dopenbsd-tech&m=3D129237675106730&w=3D2

That statement remains true.

Our project permitted American developers to work on any part of the
tree which was not specifically cryptography; in this particular
instance that includes the parts of IPSEC which are 'dual use' or 'not
related to cryptography'.  We did not permit them to work on the
crypto-specific parts.


Military is clever at words and dual use for is example, dual use of technology.

So is your approach: "He is not backdoor crypto! Only the portion on
the network - so is your data sniffable"

In all wording from OpenBSD, there is not one denial: "IPSEC is not
backdoored" only word trickery:

"We is full disclosing someone say IPSEC is backdoor"
"We is full disclosing IPSEC is not worked on by Americans"
"We is receive strange email"
"We is have DARPA funding cut!"

Never have we see:

"OpenBSD is not backdoored"
"OpenBSD audited is this code in the past"
"OpenBSD is currently going back to is audit"

Furthermore is fact that is as developer, one developer can seek help
from another developer and this is developer who put backdoor:

CryptoDeveloper = I has no idea how is to make this work
RogueDeveloper = I is has this special piece of code is for you
CryptoDeveloper = Is thanks!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages

  • Re: [Full-disclosure] OpenBSD Paradox
    ... At the moment OpenBSD just lost a few (more, ... IPSEC coden. ... "He is not backdoor crypto! ...
    (Full-Disclosure)
  • Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC
    ... is referring to exploitable vulnerabilities. ... First, if someone was able to alter the crypto source code 10 years ago, ... Finally, the guy who sent Theo the email obviously lied, or else there's a ... supersekrit backdoor in the code that no one has noticed for ten years. ...
    (Full-Disclosure)
  • Re: NSA given a back door into every copy of Windows sold
    ... backdoor in Windows, but the same agency would not hesitate, in complete ... Windows by a US intelligence agency and would subsequently be used ... Clearly you're not familiar with the case of Crypto AG. ... government and it didn't destroy Crypto AG. ...
    (alt.privacy)
  • Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC
    ... Anyone who's ever met Theo would be hard put to believe such a claim anyway. ... First, if someone was able to alter the crypto source code 10 years ago, ... the altering has to be smarter than every other crypto guy who worked on ... supersekrit backdoor in the code that no one has noticed for ten years. ...
    (Full-Disclosure)
  • Re: NSA given a back door into every copy of Windows sold
    ... I think TwistyCreek was talking about the risk of a backdoor ... found out that a backdoor in Windows was potentially spying on ... Clearly you're not familiar with the case of Crypto AG. ... government and it didn't destroy Crypto AG. ...
    (alt.privacy)