Slashdot Mirror


Questions Linger As Juniper Removes Suspicious Dual_EC Algorithm (threatpost.com)

msm1267 writes: Juniper Networks has removed the backdoored Dual_EC DRBG algorithm from its ScreenOS operating system, but new developments show Juniper deployed Dual_EC long after it was known to be backdoored. Stephen Checkoway, assistant professor of computer science at the University of Illinois at Chicago, said that he and a number of crypto experts looked at dozens of versions of Juniper's NetScreen firewalls and learned that ANSI X9.31 was used exclusively until ScreenOS 6.2 when Juniper added Dual_EC. It also changed the size of the nonce used with ANSI X9.31 from 20 bytes to 32 bytes for Dual_EC, giving an attacker the necessary output to predict the PRNG output. 'And at the same time, Juniper introduced what was just a bizarre bug that caused the ANSI generator to never be used and instead just use the output of Dual_EC. They made all of these changes in the same version update.'


  1. A 1950s idea, repurposed for today by 93 Escort Wagon · · Score: 4, Interesting

    We really need to resurrect the House Un-American Activities panel. It sure seems to me that the NSA is hellbent on destroying American networking and computing companies - and that's about as Un-American as it gets.

    --
    #DeleteChrome
    1. Re:A 1950s idea, repurposed for today by Pseudonym · · Score: 4, Interesting

      I'm not American, and even I know that's not what you want. What you want is a new round of Church and Pike committee hearings.

      --
      sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
    2. Re:A 1950s idea, repurposed for today by Anonymous Coward · · Score: 4, Interesting

      Hyperbole helps no one. We should stick to the facts--they're sufficiently damning.
      The discovered weaknesses in Dual_EC mean no one should trust it, but it is not true that it is "known to be backdoored".

      Maybe let's put that differently. There is a known backdoor in Dual_EC. If the curve used in encryption isn't generated in a very special and safe way then it's possible to generate a curve which can be reversed by the person who generates it. Nobody knows who controls the backdoor; it's even theoretically possible that nobody does, since the person generating the curve was so incompetent they didn't save the key. Given that the NSA was involved in creating it and they aren't widely known to be deeply incompetent, it would only be fair to assume that the NSA controls the back door.

      In other words, the design of Dual_EC is backdoored. Whether the specific implementation with a specific curve is backdoored is almost (but not quite) irrelevant.

      The Juniper case is particularly interesting because it shows a situation where a different curve was used, likely giving a different person control of the backdoor.

  2. No private company should stick their neck out by Foxhoundz · · Score: 3, Interesting

    I think the NSA is doing what NSA needs to do. That being said, if they forcefully compel a company to allow a backdoor into products, the government should be prepared to accept all subsequent financial liability (that is, bail out the company) that would likely arise as a result of the would-be PR disaster. No private company should stick their neck out for the government.

  3. Why Dual EC? by TechyImmigrant · · Score: 5, Interesting

    I'm an implementor of non-backdoored RNGs that are very widely deployed. However, to be able to do that well you need to understand the many ways to backdoor RNGs, so you can take preventative measures to prevent other people backdooring your design.

    So I know many ways to backdoor an RNG. If I was trying to do that, why would I choose an RNG that was already widely known to be backdoored?

    So either they are back at backdooring, or not good at not backdooring.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  4. Who's On Our Side? by mentil · · Score: 3, Interesting

    Step 1: Privately encourage companies to utilize 'govt. compliant' encryption routines 'for security purposes', implied to be tied to govt. contracts.
    Step 2: Hire everyone you can who has the education needed to understand said cryptographic schemes. No amount of money is too high.
    Step 3: Enjoy the brain drain. Every person who works for you is a person who doesn't work for those you want to surveil (i.e. everyone else).
    Step 4: Watch public and private sector security researchers be overwhelmed by the sheer number of ways and places to be compromised, and realize you don't have to backdoor everything your targets use, merely ONE of the things they use. Of course, very few researchers who can understand the cryptography involved aren't on your payroll.

    TL;DR: the attackers outnumber the defenders so overwhelmingly that the latter can't keep up with the former.

    --
    Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
  5. Weird: No articles about NSA management by Futurepower(R) · · Score: 5, Interesting

    NSA = No Sales for America

    I find it shocking that articles about the NSA seem to start from the assumption that, except for the theft of a huge amount of data by an employee of a sub-contractor, Edward Snowden, the NSA is well managed. To me, it is utterly obvious that the NSA is not well managed.

    If NSA employees can listen to all telephone calls, do you think that none of them notice an increase of traffic at a company and listen to the recordings to find stock tips?

    My perception is that governments don't manage technology companies well. (NASA and the U.S. Department of Energy, for example.) Part of the reason is that the best technology people want to work for organizations that are known for their good work. A government, especially a secret government agency, cannot hire the kind of people who are creative with technology. What technology genius wants to go to prison if he talks about his work?

    I posted links to 8 more articles about Juniper Networks below. A quote from one of them:

    "Cryptographic backdoors are one of the best ways for attackers to break into systems. '[The backdoors] take care of the hard work, the laying of plumbing and electrical wiring, so attackers can simply walk in and change the drapes,' Green said."

    It is definitely not reasonable to think that the NSA can hire people who are smarter than all those who want to break into computer systems. Cryptographic backdoors are a bad idea, and not only because they kill the sales of any nation that sponsors them.

    When a government agency can break into any company's affairs, do you think the managers never take advantage of that information to make money?

    Who chooses the sub-contractors, and decides how much they are paid? Suppose a relative of an NSA manager owns a contracting company?

    Secrecy causes huge problems. It is difficult or impossible to review the quality of management. Bad managers can hide their mistakes. That effectively assures that the management will be poor.

    Also, democracy works only if citizens can know what the government is doing.

    The NSA is based on an idea that just does not function correctly, and cannot be made to function correctly.

  6. Re:No questions linger by scsirob · · Score: 3, Interesting

    Intel has just acknowledged a bug in their Skylake CPUs that surfaces when calculating prime numbers. Prime numbers happen to be heavily used in crypto. Is this a genuine bug, or a microcode backdoor-gone-rogue that can be exploited by some agencies?
    https://communities.intel.com/...

    So are you never going to buy an Intel product again?

    --
    To Terminate, or not to Terminate, that's the question - SCSIROB