[Cryptography] Juniper & Dual_EC_DRBG
Danny Muizebelt
dannym at packetloss.at
Wed Dec 23 03:44:48 EST 2015
On Tue, Dec 22, 2015 at 11:58 PM, Ray Dillinger <bear at sonic.net> wrote:
>
> My only remaining question is where did the bribe money
> go?
>
If you are forced by FISA I assume you don't get any compensation for
putting the reputation of your multi-billion dollar organization at risk.
You are correct, the best the NSA could offer was plausible deniability for
Juniper. Even if it really was a 3rd party hack Juniper would cover their
asses by claiming they used "Best Practices" security policies.... As if
that is enough. But it is enough for the general public. "Ooooh.... it must
have been some "2up3r 1337 h4x0r", nobody can protect themselves against
THEM!"
-Danny
*"**Politicians are like babies' nappies: they should both be changed
regularly and for the same reasons."*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151223/0e0b29ff/attachment.html>
More information about the cryptography
mailing list