The Linux encryption app Cryptkeeper has a rather stunning security bug: the single-character decryption key "p" decrypts everything:
The flawed version is in Debian 9 (Stretch), currently in testing, but not in Debian 8 (Jessie). The bug appears to be a result of a bad interaction with the encfs encrypted filesystem's command line interface: Cryptkeeper invokes encfs and attempts to enter paranoia mode with a simulated 'p' keypress -- instead, it sets passwords for folders to just that letter.
In 2013, I wrote an essay about how an organization might go about designing a perfect backdoor. This one seems much more like a bad mistake than deliberate action. It's just too dumb, and too obvious. If anyone actually used Cryptkeeper, it would have been discovered long ago.
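The failure mode described above, a wrapper that answers an interactive tool's prompts by position, can be reproduced in a few lines. This is an added example, not code from Cryptkeeper or encfs: `create_v1` and `create_v2` are constructed stand-ins for a tool before and after it stops asking the mode question, and the prompt order they model is an assumption made for illustration.

```python
import hashlib
import hmac
import io

def _digest(password):
    # Toy stand-in for a real KDF, enough to compare secrets in this demo.
    return hashlib.sha256(password.encode()).hexdigest()

def create_v1(stdin):
    """Constructed tool, old behaviour: reads a mode answer, then the password."""
    mode = stdin.readline().rstrip("\n")
    return {"mode": mode, "key": _digest(stdin.readline().rstrip("\n"))}

def create_v2(stdin):
    """Constructed tool, new behaviour: no mode prompt, first line is the password."""
    return {"mode": "default", "key": _digest(stdin.readline().rstrip("\n"))}

def unlock(volume, password):
    return hmac.compare_digest(volume["key"], _digest(password))

def naive_create(tool, password):
    # Answers prompts by position: "p" for the mode question, then the password.
    return tool(io.StringIO("p\n" + password + "\n"))

def checked_create(tool, password):
    # Same scripted input, but the result is verified before it is trusted:
    # the volume must open with the user's password and must not open with "p".
    volume = naive_create(tool, password)
    if not unlock(volume, password) or (password != "p" and unlock(volume, "p")):
        raise RuntimeError("tool did not consume input as scripted; refusing volume")
    return volume

if __name__ == "__main__":
    secret = "correct horse battery staple"  # constructed sample password
    for tool in (create_v1, create_v2):
        vol = naive_create(tool, secret)
        print(tool.__name__, "opens with user password:", unlock(vol, secret),
              "| opens with 'p':", unlock(vol, "p"))
```

Against the second stand-in the naive wrapper reports success while the stored secret is the letter meant for the mode prompt; the checked wrapper fails closed instead.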
Tags: backdoors, encryption, Linux, security engineering