Backdoor (computing)

In computing, a backdoor is a way of bypassing security mechanisms to gain access to a resource that is otherwise secured. Backdoors give illegal access to an otherwise secured resource. A common example for a backdoor is the existence of default passwords which can be used to access the BIOS of a computer. Very often, special programs that run on a computer provide the functionality of a backdoor.

List of known backdoors in standards[change | change source]

the MD2 algorithm was found in the 1996 announcement of RFC6149 to have a backdoor^[1]
Ron Rivest's MD4 hash was found in the 2011 announcement of RFC6150 to have a backdoor^[1]
Rivest's MD5 hash was shown to have several weaknesses in 1996 by Hans Dobbertin^[1]
SHA-0 (aka FIPS-180) was withdrawn after CRYPTO '98^[2]
SHA-1 (aka FIPS-180-1) was shown to be attackable in 2005 by Eli Biham and co-authors, as well as Vincent Rijmen and Elisabeth Oswald^[2]
The Dual_EC_DRBG cryptographically secure pseudorandom number generator was revealed in 2013 to have a kleptographic backdoor deliberately inserted by NSA, who also had the private key to the backdoor.

References[change | change source]

↑ ^1.0 ^1.1 ^1.2 Gary Kessler, "An Overview of Cryptography", sec 3.3
↑ ^2.0 ^2.1 [Biham et al, LNCS3494 pp.36-57: "Advances in Cryptology - EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005"]

[kessler-1] 1.0 ^1.1 ^1.2 Gary Kessler, "An Overview of Cryptography", sec 3.3

[biham-2] 2.0 ^2.1 [Biham et al, LNCS3494 pp.36-57: "Advances in Cryptology - EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005"]

[1]

[2]