Backdoor (computing)

In computing, a backdoor is a way of bypassing security mechanisms to gain access to a resource that is otherwise secured. Backdoors give illegal access to an otherwise secured resource. A common example for a backdoor is the existence of default passwords which can be used to access the BIOS of a computer. Very often, special programs that run on a computer provide the functionality of a backdoor.

List of known backdoors in standards

• the MD2 algorithm was found in the 1996 announcement of RFC6149 to have a backdoor^[1]
• Ron Rivest's MD4 hash was found in the 2011 announcement of RFC6150 to have a backdoor^[1]
• Rivest's MD5 hash was shown to have several weaknesses in 1996 by Hans Dobbertin^[1]
• SHA-0 (aka FIPS-180) was withdrawn after CRYPTO '98^[2]
• SHA-1 (aka FIPS-180-1) was shown to be attackable in 2005 by Eli Biham and co-authors, as well as Vincent Rijmen and Elisabeth Oswald^[2]
• The Dual_EC_DRBG cryptographically secure pseudorandom number generator was revealed in 2013 to have a kleptographic backdoor deliberately inserted by NSA, who also had the private key to the backdoor.