In computing, a backdoor is a way of bypassing security mechanisms to gain access to a resource that is otherwise secured. Backdoors give illegal access to an otherwise secured resource. A common example for a backdoor is the existence of default passwords which can be used to access the BIOS of a computer. Very often, special programs that run on a computer provide the functionality of a backdoor.
List of known backdoors in standards[change | change source]
- the MD2 algorithm was found in the 1996 announcement of RFC6149 to have a backdoor
- Ron Rivest's MD4 hash was found in the 2011 announcement of RFC6150 to have a backdoor
- Rivest's MD5 hash was shown to have several weaknesses in 1996 by Hans Dobbertin
- SHA-0 (aka FIPS-180) was withdrawn after CRYPTO '98
- SHA-1 (aka FIPS-180-1) was shown to be attackable in 2005 by Eli Biham and co-authors, as well as Vincent Rijmen and Elisabeth Oswald
- The Dual_EC_DRBG cryptographically secure pseudorandom number generator was revealed in 2013 to have a kleptographic backdoor deliberately inserted by NSA, who also had the private key to the backdoor.
References[change | change source]
- Gary Kessler, "An Overview of Cryptography", sec 3.3
- [Biham et al, LNCS3494 pp.36-57: "Advances in Cryptology - EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005"]