Building a Cryptographic Backdoor in OpenSSL

Building a Cryptographic Backdoor in OpenSSL – Lei Shi, Allen Cai


Unlike common examples of a backdoor, cryptographic backdoors are the field of surreptitiously weakening cryptographic systems such as deliberately inserting vulnerabilities to a pseudorandom number gen-erator to make cryptanalysis easier. OpenSSL as become since many years ago, the defacto library/tool for implementing cryptographic protocols into our applications and secure them. In this talk, we will try to modify the code of OpenSSL to bulid a new method of cryptographic backdoor, and then the attacker can easy decrypt the encryption data by RSA or ECC.


Lei Shi is a security researcher of 360-CERT, mainly focus on cryptography security and vulnerability discovery. He has discovered 100+ bugs and gained 20+ CVEs(E.g: SSL Death Alert) from OpenSSL, OpenSSH, VMware. He obsesses with math and computer security, and currently is working on Windows Search protocol security, Linux kernel security and development of vulnerability discovery tools. He has made talks at BlueHat2017, SysCAN.