is there really an FBI backdoor in OpenBSD? this Theo DeRadt guy looks like he'd be happy to blow a few free millions on R&R...
>>58631304
If there is, you wouldn't know it from here. If you really care about security then you should be running Qubes OS instead, OpenBSD is nice because such a beautiful code base.
No one has ever found a backdoor, despite many searches. So there probably isn't one.
>>58631304
>FBI
lol
FBI has a budget of $2 billion a year.
They can't crack a consumer grade device.
>>58633630
NSA has a 10 billion budget. I'm assuming both agencies have more than they say however.
>>58635223
Assuredly so. But circumvention remains easier than cracking.
>>58635223
>I'm assuming both agencies have more than they say however.
nsa has 40 000 employees and probably employs triple that indirectly.
why would it be higher.
Whether there is one or not is immaterial, because if there is one on OpenBSD of all open source software projects, then there most likely is one on every single open source software project out there - including GNU/Linux. That is simply because OpenBSD is the most secure, tested and audited one out there.
The point is how the OpenBSD project responded to that rumour in comparison to how the Linux kernel project responded to similar rumours: Linux developers simply shrugged off the claims as nonsense and did jack shit about it, whereas OpenBSD conducted a complete and thorough audit of their entire codebase.
Food for thought.
>>58638314
I disagree with most secure, but I do agree with audited and that there's likely nothing in there now, if there ever was
Why would they backdoor things that are easily and frequently audited when they can backdoor shit like hard drives and cpus and mobos.
>>58636778
Because the government usually lies about shit. I'm not saying they spend more than their public budget based on any evidence. I just wouldn't be surprised if they do spend more than they say.
You guys are missing that these agencies are so clever they inserted a backdoor that masqueraded as an assertion error (instead of doing socket == 1 they did socket = 1 and started a reverse tcp shell) no amount of auditing by hipsters and dumb 3rd worlders will fix that