Crypto algorithms do not have code in them. It's not possible to have a "back door" because there is no code to present as an attack vector. Instead we call it a weak cipher, the fact that it's weakness was deliberate vs accidental makes no different. Backdoors are deliberate pieces of code that open a vector for an attacker to exploit a weakness in a security system.
A cipher can be weak for several options, usually it's because of unintentional design flaws, or the field of cryptanalisys advancing.
I don't know which field you work in, but among the software developers and cryptographers I know, it's pretty uncontroversial that a backdoor isn't confined to a piece of malware planted on a server, or naughty lines of source code – it's any mechanism for gaining entry that subverts the normal authorization, usually by intentional design, but flaws can also be used for backdoor access. I'm not trying to do a full, pedantic, all-dictionary-entries definition here, but I don't know any software developers or security professionals who would disagree with this definition in the context of software/computer systems.
The Clipper system had a government backdoor from it's key escrowing design, while the Skipjack algorithm itself used by the system seemd to be sound. (I wonder if Clipper would have had any success if the US government hadn't been so blunt about the backdoor aspect).
The Dual_EC_DRBG algorithm has a backdoor by design – this is an uncontroversial fact. The Wikipedia entry has sources. Bruce Schneier's "The Strange Story of Dual_EC_DRBG" post has information. The Bernstein, Lange, and Niederhagen "Dual EC: A Standardized Back Door" paper is a good read, and so are Matthew Green's blog posts in the "Dual EC" category.
Heck, the backdoor is even part of the patent application – citing the "Dual EC: A Standardized Back Door" paper, so you don't have to taint yourself with reading patents:
The Canadian company Certicom (now part of Blackberry) has patents in mul-
tiple countries on
– Dual EC exploitation: the use of Dual EC for key escrow (i.e., for a deliberate
back door) and
– Dual EC escrow avoidance: modifying Dual EC to avoid key escrow.
You might disagree on the definition of "backdoor", which is fair. I've tried to explain what I understand by the term, but I won't split hairs if you want to use a more narrow definition – that might make sense in the contexts you operate in. But it's well-documented that Dual_EC_DRBG isn't just a "oh oops, we dun goofed" weak design, it has deliberate weaknesses, and NSA pushed hard for NIST to mandate it as a standard algorithm with provided curve parameters.
I realize the references above can be seen as appealing to authority, but the mentioned people are domain experts in the field of security 🤷♂️
Facebook
Twitter
Instagram