Questions Linger As Juniper Removes Suspicious Dual_EC Algorithm

msm1267 writes: Juniper Networks has removed the backdoored Dual_EC DRBG algorithm from its ScreenOS operating system, but new developments show Juniper deployed Dual_EC long after it was known to be backdoored. Stephen Checkoway, assistant professor of computer science at the University of Illinois at Chicago, said that he and a number of crypto experts looked at dozens of versions of Juniper's NetScreen firewalls and learned that ANSI X9.31 was used exclusively until ScreenOS 6.2 when Juniper added Dual_EC. It also changed the size of the nonce used with ANSI X9.31 from 20 bytes to 32 bytes for Dual_EC, giving an attacker the necessary output to predict the PRNG output. 'And at the same time, Juniper introduced what was just a bizarre bug that caused the ANSI generator to never be used and instead just use the output of Dual_EC. They made all of these changes in the same version update.'

Re:NSA has ruined the American tech sector

[hawguy]

Considering we don't manufacture much of anything anymore, and Silicon Valley was one of our few shining beacons of prosperity, I wonder how the traitorous assholes at NSA sleep at night. Was it worth it?

Why assume it came from the NSA? Since, as you say, we don't manufacture much of anything anymore (including software which is increasing outsourced), and Juniper has development offices around the world, then the backdoor could have come from any number of foreign governments.