[Cryptography] Juniper & Dual_EC_DRBG
Natanael
natanael.l at gmail.com
Tue Dec 22 10:41:39 EST 2015
Den 22 dec 2015 16:32 skrev "Emilien Gaspar" <y at dud-t.org>:
>
> oy,
>
> it seems that Juniper used Dual_EC_DRBG with their own backdoored
> constants[0]. Worse, they discovered that some constants was changed to
> insert a backdoor in ScreenOS that allow passive VPN decryption. It's
> not exactly clear how, but agl report on his blog[1] after a twitter
> conversion that it might be a simple replacement of the backdoored
> constants of Dual_EC_DRBG used in ScreenOS.
>
> One thing that I still don't understand is their custom paramters for
> the curve used by Dual_EC and what was exactly modified by the attacker.
>
> Do we have more explanations now ? :-)
>
> eg.
>
> [0]:
https://kb.juniper.net/InfoCenter/index?page=content&id=KB28205&pmv=print&actp=LIST
> [1]: https://www.imperialviolet.org/2015/12/19/juniper.html
Backdoor proof of concept with custom parameters:
https://blog.0xbadc0de.be/archives/155
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151222/81b6b578/attachment.html>
More information about the cryptography
mailing list