Skip to main content

OpenBSD lead believes backdoors didn’t make it into the OS

Image used with permission by copyright holder

OpenBSD development lead Theo de Raadt says that he believes a government contracting firm was hired to write back doors into communications and encryption technology, but that those back doors, if written, did not make it into the OpenBSD code base. However, he is still encouraging contributors and users of the open source project to audit the code to look for any problems—and a few other issues have been uncovered.

The controversy erupted last week when Gregory Perry, the former CEO of a government contractor called Netsec, sent de Raadt a private message indicating there could be back doors in OpenBSD’s secure communications technology inserted a decade ago at the behest of the federal government. Rather than sit on the claim, de Raadt went public with the message, disclosing its complete contents and noting he refused “to become part of such a conspiracy.”

Recommended Videos

In a follow-up posting to an OpenBSD discussion list, de Raadt outlined what he believes the current state of affairs. de Raadt confirms Netsec did work as a contractor on government computer security projects, Gregory Perry did work there, and two contractors who made contributions to OpenBSD did work on OpenBSD’s IPSEC layer—and one of them was the architect and primary developer of the IPSEC stack who worked on the project for four years. However, while those implementations had cryptography issues, de Raadt is, for the moment, satisfied they are historical artifacts of federal regulations governing use of cryptography, rather than any intentional malice.

de Raadt says he does believe Netsec was contracted to write back doors; however, if those were written, he doesn’t believe they made their way into OpenBSD, although they may will have “deployed as their own product.”

Since de Raadt went public with Perry’s allegations, two new bugs have been uncovered in OpenBSD’s cryptography technology: one propagates a fix for an old, well-known security vulnerability from the cryptography later to drivers, and the other is essentially a bit of housekeeping. de Raadt says he’s also looking at cleaning up an “extremely ugly” function and found a small bug in another aspect of random number-generating code.

Meanwhile, de Raadt indicates he is pleased so many developers are examining the OpenBSD code base for possible problems, saying this “is the best process we can hope for.”

So far, no one has stepped forward to back up Perry’s claims that the federal government paid to have back doors inserted into OpenBSD, and two people named in Perry’s allegations have specifically refuted Perry’s claims. Numerous industry watchers have questioned the utility of inserting backdoors into open source projects—particularly projects used in government work—since, if the vulnerabilities are uncovered, they’d immediately be in the hands of criminals. But maybe that’s just what the Feds want people to think.

Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
This all-in-one PC is $400 off at Dell for Cyber Week
Dell Inspiron 27 7720 all-in-one PC.

Looking for great desktop computer deals? If you’re short on space or simply want something more stylish looking than the average PC, check out the Dell Inspiron 27 All-in-One PC, which is on sale at Dell right now. Normally priced at $1,600, it’s down to $1,200 as part of Cyber Week deals, and it’s going to look great in your living room. The $400 discount won’t stick around for long, so let’s take a quick look at what it has to offer.

Why you should buy the Dell Inspiron 27 All-in-One PC
Buying one of the best all-in-one PCs is a good move if you’re short on space at home and you want something stylish as well as practical. With the Dell Inspiron 27 All-in-One PC, you’re getting everything you need to work well from home or simply relax. It has an Intel Core 7 150U processor along with a massive 32GB of RAM, so you’re all set for the future. It also has 1TB of SSD storage so there’s plenty of room for all your files. It even has an Nvidia GeForce MX570A graphics card, although we wouldn’t consider the Dell Inspiron 27 All-in-One PC for anything more than the most casual of gaming.

Read more
Samsung DeX for Windows is dead
Samsung DeX mode.

Samsung appears to have plans to retire support of its DeX Windows app upon releasing the OneUI 7 software update.

Android Authority recently observed updates on Samsung’s DeX page on its UK website that sais the DeX for Windows feature will be discontinued as of OneUI 7, which will be available in 2025. The company detailed that DeX for Windows users can transition to the Phone Link feature as an alternative.

Read more
The last major game of 2024 is going to wreck your PC
Indiana Jones drags a Nazi down a staircase with his whip in Indiana Jones and the Great Circle.

We're getting close to the end of 2024, but there's one more major game release in the pipeline -- Indiana Jones and the Great Circle. Unfortunately for a lot of PC players, the system requirements might be too steep, even if your rig is packing one of the best graphics cards.

You can see the list of requirements below, and there's a lot to dig into. For starters, this is the first time I've ever seen the RTX 4090 listed in system requirements. There's no doubt that the RTX 4090 is the cream of the crop for gaming performance, but it's so powerful that even demanding games like Alan Wake 2 and Dragon Age: The Veilguard don't need to recommend it. Here, you'll need the RTX 4090 to max everything out at 4K.

Read more