Search the Community

Flaws with the Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG) were found in 2007. Dan Shumow and Niels Ferguson, pointed out that using it with elliptic curve points generated by the NSA could allow encryption to be broken. Juniper Networks discovered unauthorized VPN-decryption code inside its NetScreen firewall firmware in 2015. It was attributed to Juniper’s decision to use the NSA-designed Dual EC Pseudorandom Number Generator. The backdoor had likely been added to Juniper products as far back as 2008 at the request of a ‘customer’. In 2018, US Senator Ron Wyden’s staffers were told by the NSA that it had backfired when a foreign government exploited the weak encryption scheme in Jupiter’s ScreenOS. A ‘lessons learned‘ report had been written but Wyden’s spokesperson Keith Chu told Reuters that the NSA now claims it can’t find the file. Sources: https://www.reuters.com/article/us-usa-security-congress-insight-idUSKBN27D1CS https://cacm.acm.org/magazines/2018/11/232227-where-did-i-leave-my-keys/fulltext https://www.theregister.com/2020/10/28/nsa_backdoor_wyden/ https://www.theregister.com/2020/06/10/congress_juniper_letter/ https://www.theregister.com/2015/01/14/nsa_sorry_we_borked_nist_encryption_well_sorry_we_got_caught/