Allegations of OpenBSD Backdoors May be True, Updated
It was just last week that Theo de Raadt, OpenBSD founder and developer, posted an email that claimed the Federal Bureau of Investigation paid OpenBSD developers to leave backdoors in its IPSEC network security stack. Since then, early audits have found some questionable code, contributors have denied any wrongdoing, and the original source has reaffirmed his allegations.
It'll take time to go through all the code, but de Raadt said "two bugs in our cryptographic code" have already been found. "We are assessing the impact. We are also assessing the 'archeological' aspects of this," he added.
In further developments, de Raadt said yesterday that Angelos had worked on the crypto stack in question for four years when he accepted a contract at NETSEC. Angelos "wrote the crypto layer that permits our ipsec stack to hand-off requests to the drivers that Jason worked on. That crypto layer contained the half-assed insecure idea of half-IV that the US govt was pushing at that time. Soon after his contract was over this was ripped out."