December 22, 2015
The NSA’s subversion of encryption standards may have come home to roost.
As more eyes examine the Juniper backdoor in ScreenOS, the operating system standing up its NetScreen VPNs, it’s becoming clear that someone backdoored the NSA backdoor in Dual_EC_DRBG, opening the door to passive decryption of any VPN traffic moving through a NetScreen gateway.
Juniper’s documentation for NetScreen and ScreenOS shows that it uses Dual_EC-DRBG in a non-conventional way to implement a random number generator used to encrypt VPN traffic. The NSA is alleged to have subverted Dual_EC_DRBG so that it controls one of the values used to generate keys, allowing it to predict outputs, according to documents that surfaced from the Snowden leaks that provided details on the spy agency’s Project BULLRUN.