Juniper blinks: firewall will nuke the NSA's favorite random number generator

In the month since network security giant Juniper Networks was forced to admit that its products had NSA-linked backdoors, the company's tried a lot of different strategies: minimizing assurances, apologies, firmware updates -- everything, that is, except for removing th Dual_EC random number generator that is widely understood to have been compromised by the NSA.

Now, having exhausted all other potential strategies, Juniper has announced that it will retire Dual_EC -- which was shown to be insecure years before they inserted it into their codebase -- from its products, "in the first half of this year."

The 2014 back door was straightforward, said researcher Hovav Shacham of the University of California, San Diego, allowing anyone with the right password to see everything.

The 2012 code changed a mathematical constant in Juniper's Netscreen products that should have allowed its author to eavesdrop, according to Shacham and his fellow investigators.

Juniper's initial patch had gotten rid of that constant in Dual Elliptic Curve and replaced it with the version it had been using since 2008.

But the academics who studied the code said that while Juniper had not disavowed the 2008 code, it had not explained how that constant was picked or why it was using the widely faulted Dual Elliptic Curve at all.

Still another curve constant, quietly provided by the NSA and required for some federal certification, was exposed in documents leaked by former NSA contractor Edward Snowden as a key to the back door.

Juniper Networks will drop code tied to National Security Agency [Joseph Menn/Reuters]

(via Naked Capitalism)

(Image: Cloudflare)

Notable Replies

  1. Juniper has announced that it will retire Dual_EC... "in the first half of this year."

    All right, NSA, get busy. You have about nine months to come up with a new insecure algorithm.

  2. They probably lost a contract or two.

  3. Jim_R says:

    OK, so they fixed that one.
    But what assurance do we have that there is not still a backdoor of some sort?

    (and where can you get hardware that has not been exposed to this corruption?)

  4. They already have. That's why Juniper finally quit stalling. They think they they have fan danced long enough to set up plausible deniability.

  5. Sensibly, everyone who isn't rolling their own, as all eyes are on Juniper now watching for anything even faintly suspicious whereas the other options are comparatively unknown quantities.

Continue the discussion

2 more replies