Backdoor (computing)
In computing, a backdoor is a way of bypassing security mechanisms to gain access to a resource that is otherwise secured. Backdoors give illegal access to an otherwise secured resource. A common example for a backdoor is the existence of default passwords which can be used to access the BIOS of a computer. Very often, special programs that run on a computer provide the functionality of a backdoor.
List of known backdoors in standards
- the MD2 algorithm was found in the 1996 announcement of RFC6149 to have a backdoor[1]
- Ron Rivest's MD4 hash was found in the 2011 announcement of RFC6150 to have a backdoor[1]
- Rivest's MD5 hash was shown to have several weaknesses in 1996 by Hans Dobbertin[1]
- SHA-0 (aka FIPS-180) was withdrawn after CRYPTO '98[2]
- SHA-1 (aka FIPS-180-1) was shown to be attackable in 2005 by Eli Biham and co-authors, as well as Vincent Rijmen and Elisabeth Oswald[2]
- The Dual_EC_DRBG cryptographically secure pseudorandom number generator was revealed in 2013 to have a kleptographic backdoor deliberately inserted by NSA, who also had the private key to the backdoor.