Green: On the Juniper backdoor

Here's an interesting article from cryptographer Matthew Green on how the Juniper backdoor is the least interesting part of this whole episode. "Thus Dual EC is safe only if you assume no tiny bug in the code could accidentally leak out 30 bytes or so of raw Dual EC output. If it did, this would make all subsequent seeding calls predictable, and thus render all numbers generated by the system predictable. In general, this would spell doom for the confidentiality of VPN connections. And unbelievably, amazingly, who coulda thunk it, it appears that such a bug does exist in many versions of ScreenOS, dating to both before and after the 'unauthorized code' noted by Juniper."

Comments (none posted)