View Single Post
Old 15th December 2010
Oliver_H's Avatar
Oliver_H Oliver_H is offline
Real Name: Oliver Herold
UNIX lover
 
Join Date: May 2008
Location: Germany
Posts: 427
Default

DAG-ERLING SMØRGRAV: OpenBSD IPSec backdoor allegations: triple $100 bounty

http://maycontaintracesofbolts.blogs...legations.html

Quote:
I'll put my money where my mouth is, and post a triple bounty:

I pledge USD 100 to the first person to present convincing evidence showing:

that the OpenBSD Crypto Framework contains vulnerabilities which can be exploited by an eavesdropper to recover plaintext from an IPSec stream,
that these vulnerabilities can be traced directly to code submitted by Jason Wright and / or other developers linked to Perry, and
that the nature of these vulnerabilities is such that there is reason to suspect, independently of Perry's allegations, that they were inserted intentionally—for instance, if the surrounding code is unnecessarily awkward or obfuscated and the obvious and straightforward alternative would either not be vulnerable or be immediately recognizable as vulnerable.
I pledge an additional USD 100 to the first person to present convincing evidence showing that the same vulnerability exists in FreeBSD.

Finally, I pledge USD 100 to the first person to present convincing evidence showing that a government agency successfully planted a backdoor in a security-critical portion of the Linux kernel.
__________________
use UNIX or die :-)
Reply With Quote