Dear Vendors: Now Would Be A Great Time to Remove Dual_EC RNG

NSA It was the NSA a while ago. Then RSA a few years back. Then NIST finally removed it from being an approved algorithm. And most recently Juniper got into the hang of things.

If there are any vendors out there that STILL have Dual_EC RNG in their code, now would be a great time to remove it lest you get outed by a security researcher.

Juniper will finally(!) replace the Dual_EC pseudo-random number generator in ScreenOS with the same random number generation technology currently used in its products running Junos OS. At the same time, ScreenOS will also stop using the ANSI X9.31 number generator.

If you’re wondering why that news is important, you probably didn’t follow the ruckus started by the December revelation that Juniper’s NetScreen firewall devices running ScreenOS contained vulnerabilities that opened backdoors into the devices and allowed attackers to decrypt of VPN connections undetected.

The revelation sparked additional research and disclosures, as well as speculation about who planted those backdoors.

Continued here.

#####

Today’s post pic is from Wikipedia.org. See ya!

2 comments for “Dear Vendors: Now Would Be A Great Time to Remove Dual_EC RNG

  1. January 13, 2016 at 9:27 pm

    Dear Vendors: Now Would Be A Great Time to Remove Dual_EC RNG https://t.co/vpeIxcEjwJ

  2. January 13, 2016 at 10:40 pm

    BLOGGED: Dear Vendors: Now Would Be A Great Time to Remove Dual_EC RNG https://t.co/zjZFZF4Dop

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.