One of the developers named in the OpenBSD backdoor allegations has denied any involvement, with Jason L. Wright arguing that the work he carried out on the OS related instead to device drivers and demanding an apology. Former OpenBSD coder Gregory Perry made claims earlier this month that the FBI had installed covert backdoor access into the popular open-source platform, so as to allow the bureau to monitor VPN and other traffic.
“I will state clearly that I did not add backdoors to the OpenBSD operating system or the OpenBSD crypto framework (OCF). The code I touched during that work relates mostly to device drivers to support the framework. I don’t believe I ever touched isakmpd or photurisd (userland key management programs), and I rarely touched the ipsec internals (cryptodev and cryptosoft, yes). However, I welcome an audit of everything I committed to OpenBSD’s tree.” Jason L. Wright
Wright describes Perry’s claims as “baseless accusations” and “urban legend”, and suggests that the developer merely used his name “to add credibility to your cloak and dagger fairy tales.” He also argues that Perry was not even involved with the project while OpenBSD crypto framework (OCF) development was underway; that began “in earnest” in February 2000, while Perry left NETSEC in January that year.
Perry had alleged that OpenBSD’s DARPA funding was cut after the organization “caught wind of the fact that these backdoors were present” and that a lifted NDA had freed him to speak regarding the security loophole. Wright joins OpenBSD project chief Theo de Raadt in calling for an audit of the project’s code.
[Image credit: Anthony Majanlahti]