ReadWriteEnterprise

It's only a few weeks now before the annual security conference that bears the initials of the first commercial implementers of cryptographic security outside the government security sector. Just in time for RSA, a team of researchers based in Switzerland say they have uncovered evidence of a new flaw in the way public keys are generated using the RSA algorithm. Those researchers include a certain, notable Dutch professor who used to make hacker headlines of his own back in the day.

Although the Swiss team's conclusions are being questioned by some respected names, their data indicates one more reason why commonly used implementations of SSL encryption may be prone to failure, and should perhaps not be trusted at all.

The FBI is being accused of planting backdoors in the security-focused open source operating system OpenBSD. OpenBSD is used in commercial security products such as firewalls from Calyptix and .vantronix. Thus far, a code audit has not revealed any backdoors in OpenBSD but some bugs have been found.

Earlier this week, OpenBSD founder Theo de Raadt forwarded an e-mail from Gregory Perry, former CTO of the defunct security company NETSEC, to the OpenBSD mailing list. NETSEC paid developers to contribute to OpenBSD during the 90s. Perry claims that former NETSEC developer Jason Wright and his development team inserted backdoors into the OpenBSD Crypto Framework under the direction of the FBI - a claim Wright firmly denies. Perry claims to be coming forward now because his 10 year nondisclosure agreement with the FBI has expired.