Free Republic

Security Questions Linger As Juniper Removes Suspicious Dual_EC Algorithm [serious technobabble]
Threatpost.com ^ | 1/11/2016 | Michael Mimoso

Posted on 01/11/2016 7:41:57 PM PST by Fhios

Juniper Networks announced late Friday it was removing the suspicious Dual_EC_DRBG random number generator from its ScreenOS operating system.

And while that’s heralded as a positive move considering Dual_EC’s dubious origins, there remain important and unanswered questions about Juniper’s decision to include what is considered to be a backdoored random number generator in its NetScreen VPNs, and why a number of strange coding and engineering decisions were made that could have facilitated the decryption of secure traffic.

(Excerpt) Read more at threatpost.com ...


TOPICS: Computers/Internet; Conspiracy
KEYWORDS: backdoor; intrusion
Loosely translated: The Every Government from A-Z is spying on you.
1 posted on 01/11/2016 7:41:58 PM PST by Fhios

To: Fhios
Oh, dear. Translated as best I can: a VPN (Virtual Private Network) is a system wherein the user "tunnels" through using encryption that is based on a random number generator (in this case), which, if not random or otherwise compromised, allows realtime decryption by a third party who is capturing the packets.

Dang, that isn't much better. Sorry.

2 posted on 01/11/2016 7:45:07 PM PST by Billthedrill

To: Billthedrill
Simple summary -- somebody put a backdoor into the Juniper code so spies could access the supposedly secure data. From the article:

"It's very bizarre. I've never seen anything like that before where gone from something that was working and written in a standard manner to something as strange as this," he said. It's that bug that enabled another attacker to replace the Dual_EC constant - thought to belong to the NSA - with their own constant. "The very presence of Dual_EC enabled a third party to simply change a constant and make it so they were able to decrypt VPN traffic," Checkoway said...

This is an example of why the kind of backdoor access our security agencies want is a bad idea. Other people find the back door and pretty soon everybody and his cousin are busy reading other people's private information.

3 posted on 01/11/2016 7:59:21 PM PST by freeandfreezing

To: Fhios

I do NOT trust the hardware RNG that many processor types have built in.

Just too tempting for government to bribe or threaten hardware manufacturers into weakening.

I build my own RNG using something like diode noise as a source.


4 posted on 01/11/2016 8:26:40 PM PST by Bobalu (Even if I could take off, I could never get past the tractor beam!)

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson