The claims were made by Gregory Perry, a former OpenBSD developer who now heads a company in Florida named GoVirtual Education; it offers VMWare training.
In an email to the head of the OpenBSD project, Theo de Raadt, Perry accused a couple of people by name of implementing the backdoors.
De Raadt posted the mail to the openbsd-tech mailing list.
A developer named Scott Lowe was one of those named by Perry; he was tracked down by Brian Profitt, a tech writer for ITWorld and former editor of LinuxToday.
Profitt wrote that he had encountered two people with this name and that both had denied any involvement.
A second person, named Jason L. Wright, posted to the same thread that De Raadt began, saying, in part: "I will state clearly that I did not add backdoors to the OpenBSD operating system or the OpenBSD crypto framework (OCF)."
In the same thread, Damien Miller, a Melbourne-based OpenSSH developer, detailed what he called a "few, obvious ways" in which plaintext or key material could be leaked.
Miller also pointed out that as US citizens or foreign citizens working in the US were never allowed to work on cryptographic code, direct interference in such code was unlikely.
"(OpenSSH and OpenBSD developer) Niels Provos used to make trips to Canada to develop OpenSSH for this reason," he wrote.
These restrictions are due to the US government's stance on the export of cryptographic code.