Search the Community

Showing results for tags 'drbg'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type



Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me

Found 1 result

  1. Flaws with the Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG) were found in 2007. Dan Shumow and Niels Ferguson, pointed out that using it with elliptic curve points generated by the NSA could allow encryption to be broken. Juniper Networks discovered unauthorized VPN-decryption code inside its NetScreen firewall firmware in 2015. It was attributed to Juniper’s decision to use the NSA-designed Dual EC Pseudorandom Number Generator. The backdoor had likely been added to Juniper products as far back as 2008 at the request of a ‘customer’. In 2018, US Senator Ron Wyden’s staffers were told by the NSA that it had backfired when a foreign government exploited the weak encryption scheme in Jupiter’s ScreenOS. A ‘lessons learned‘ report had been written but Wyden’s spokesperson Keith Chu told Reuters that the NSA now claims it can’t find the file. Sources: https://www.reuters.com/article/us-usa-security-congress-insight-idUSKBN27D1CS https://cacm.acm.org/magazines/2018/11/232227-where-did-i-leave-my-keys/fulltext https://www.theregister.com/2020/10/28/nsa_backdoor_wyden/ https://www.theregister.com/2020/06/10/congress_juniper_letter/ https://www.theregister.com/2015/01/14/nsa_sorry_we_borked_nist_encryption_well_sorry_we_got_caught/