[Cryptography] Juniper & Dual_EC_DRBG
Emilien Gaspar
y at dud-t.org
Mon Dec 21 17:49:33 EST 2015
oy,
it seems that Juniper used Dual_EC_DRBG with their own backdoored
constants[0]. Worse, they discovered that some constants was changed to
insert a backdoor in ScreenOS that allow passive VPN decryption. It's
not exactly clear how, but agl report on his blog[1] after a twitter
conversion that it might be a simple replacement of the backdoored
constants of Dual_EC_DRBG used in ScreenOS.
One thing that I still don't understand is their custom paramters for
the curve used by Dual_EC and what was exactly modified by the attacker.
Do we have more explanations now ? :-)
eg.
[0]: https://kb.juniper.net/InfoCenter/index?page=content&id=KB28205&pmv=print&actp=LIST
[1]: https://www.imperialviolet.org/2015/12/19/juniper.html
More information about the cryptography
mailing list