Dual EC Pseudorandom Number Generator



Flaws with the Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG) were found in 2007. Dan Shumow and Niels Ferguson pointed out that using it with elliptic curve points generated by the NSA could allow encryption to be broken.

Juniper Networks discovered unauthorized VPN-decryption code inside its NetScreen firewall firmware in 2015. It was attributed to Juniper’s decision to use the NSA-designed Dual EC Pseudorandom Number Generator. The backdoor had likely been added to Juniper products as far back as 2008 at the request of a ‘customer’.

In 2018, US Senator Ron Wyden’s staffers were told by the NSA that it had backfired when a foreign government exploited the weak encryption scheme in Juniper’s ScreenOS. A ‘lessons learned’ report had been written but Wyden’s spokesperson Keith Chu told Reuters that the NSA now claims it can’t find the file.

Sources:

https://www.reuters.com/article/us-usa-security-congress-insight-idUSKBN27D1CS

https://cacm.acm.org/magazines/2018/11/232227-where-did-i-leave-my-keys/fulltext

https://www.theregister.com/2020/10/28/nsa_backdoor_wyden/

https://www.theregister.com/2020/06/10/congress_juniper_letter/

https://www.theregister.com/2015/01/14/nsa_sorry_we_borked_nist_encryption_well_sorry_we_got_caught/
