OpenBSD IPSEC source code has been reviewed by and so far no evidence of any unpatched vulnerability or back door has come up, however the IPSEC source code is large and complex so it may be premature to close the door on this one. From Theo de Raadt @ openBSD:
(e) After Jason left, Angelos (who had been working on the ipsec stack already for 4 years or so, for he was the ARCHITECT and primary developer of the IPSEC stack) accepted a contract at NETSEC and
(while travelling around the world) wrote the crypto layer that permits our ipsec stack to hand-off requests to the drivers that Jason worked on. That crypto layer contained the half-assed insecure idea of half-IV that the US govt was pushing at that time. Soon after his contract was over this was ripped out. Soon after this the CBC oracle problem became known as well in published papers, and ipsec/crypto moved towards random IV generation (probably not viable before this, since we had lacked a high-quality speedy PRNG… arc4random). I do not believe that either of these two problems, or other problems not yet spotted, are a result of clear malice. So far the issues we are digging up are a function of the time in history.
I’ve always been a firm believer that intelligence agencies deliberately introduce vulnerabilities in application source code by paying off and/or having agents infiltrate software companies, which they can remotely exploit for eavesdropping purposes.
Just let this be a lesson to you, when the US government pushes the use of an encryption algorithm, it’d be wise to use a different one.
Leave a Reply
You must be logged in to post a comment.