[Cryptography] Juniper & Dual_EC_DRBG

Henry Baker hbaker1 at pipeline.com
Tue Dec 22 11:05:42 EST 2015

At 02:49 PM 12/21/2015, Emilien Gaspar wrote:
>oy, it seems that Juniper used Dual_EC_DRBG with their own backdoored constants[0].
>Worse, they discovered that some constants was changed to insert a backdoor in ScreenOS that allow passive VPN decryption.
>It's not exactly clear how, but agl report on his blog[1] after a twitter conversion that it might be a simple replacement of the backdoored constants of Dual_EC_DRBG used in ScreenOS.
>One thing that I still don't understand is their custom paramters for the curve used by Dual_EC and what was exactly modified by the attacker.
>Do we have more explanations now ?
>:-) eg.
>[0]: https://kb.juniper.net/InfoCenter/index?page=content&id=KB28205&pmv=print&actp=LIST
>[1]: https://www.imperialviolet.org/2015/12/19/juniper.html

I'm seeing hands in cookie jars... Also,

The louder he talked of his honor, the faster we counted our spoons...

'The U.S. officials said they are certain U.S. spy agencies themselves aren't behind the back door'

'... because of the sophistication involved'  ;-)


Newly discovered hack has U.S. fearing foreign infiltration

More information about the cryptography mailing list