The famous VPN provider 'Private Internet Access' (PIA) had released a patch for the native OpenVPN client, with the reason that if customers apply this patch to their native clients, they would then get access to the higher-bit encryption settings; otherwise their server would respond with only one algorithm.
PIA site having patch code:
Can any programmer here analyse what the use of the random string (highlighted in red) in the patch code is? Could it be used as a backdoor key?
+ char settings_msg[2048], md5hex[33];
+
+ struct key_type kt = session->opt->key_type;
+ if (!session->opt->server && pia_signal_settings && ks->initial_opcode == P_CONTROL_HARD_RESET_CLIENT_V2) {
+ sprintf(settings_msg, "%s%scrypto\t%s|%s\tca\t%s",
+ " ", // space for xor key
+ "53eo0rk92gxic98p1asgl5auh59r1vp4lmry1e3chzi100qntd",
+ kt.cipher ? kt_cipher_name(&kt) : "none",
+ kt.digest ? kt_digest_name(&kt) : "none",
+ pia_ca_digest ? pia_ca_digest : "X");
+ int len = strlen(settings_msg);
+ pia_obfuscate_options(settings_msg, len);
+ buf_write(buf, settings_msg, len);
+ }
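Review bot: The `sprintf` into `settings_msg[2048]` is unbounded: `pia_ca_digest` is copied in with `%s` and nothing in these lines checks its length, so this should be `snprintf(settings_msg, sizeof(settings_msg), ...)` with the result checked before `strlen` is called. The return value of `buf_write(buf, settings_msg, len)` is also ignored, and `md5hex[33]` is declared but not used in the lines shown. On the hard-coded literal: it is the same constant in every settings message from every client built with this patch, and it is published with the patch, so it cannot be a per-user secret. In these lines it is only a fixed prefix ahead of the `crypto` and `ca` fields, and what the server does with it is not visible here. A comment stating its purpose, and another explaining how the one-character placeholder marked "space for xor key" is filled in by `pia_obfuscate_options`, would answer the question for anyone reading the patch.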