Discussion:
[Dailydave] Question re: Juniper
Dave Aitel
2017-04-20 19:37:05 UTC
Permalink
Did Juniper actually fix the many bugs that led to the potential for
backdoor access via the trojaned random number generator, or just change
the key back to the original?

In other words, if I have the private key, can I still decrypt Juniper VPN
traffic, or no?

-dave
Joshua
2017-04-20 20:32:02 UTC
Permalink
Why are you asking Dave? Do you have a database of traffic you need to decrypt for a customer?

Sent from [ProtonMail](https://protonmail.ch), encrypted email based in Switzerland.

-------- Original Message --------
Subject: [Dailydave] Question re: Juniper
Local Time: April 20, 2017 3:37 PM
UTC Time: April 20, 2017 7:37 PM
From: ***@gmail.com
To: ***@lists.immunityinc.com <***@lists.immunityinc.com>

Did Juniper actually fix the many bugs that led to the potential for backdoor access via the trojaned random number generator, or just change the key back to the original?

In other words, if I have the private key, can I still decrypt Juniper VPN traffic, or no?

-dave
Dave Aitel
2017-04-20 22:20:13 UTC
Permalink
No I want to know if they fixed the backdoor or simply restored it to the
original owner :)
Post by Joshua
Why are you asking Dave? Do you have a database of traffic you need to
decrypt for a customer?
Sent from ProtonMail <https://protonmail.ch>, encrypted email based in
Switzerland.
-------- Original Message --------
Subject: [Dailydave] Question re: Juniper
Local Time: April 20, 2017 3:37 PM
UTC Time: April 20, 2017 7:37 PM
Did Juniper actually fix the many bugs that led to the potential for
backdoor access via the trojaned random number generator, or just change
the key back to the original?
In other words, if I have the private key, can I still decrypt Juniper VPN traffic, or no?
-dave
Laurens Vets
2017-04-21 04:21:26 UTC
Permalink
Post by Joshua
Did Juniper actually fix the many bugs that led to the potential for backdoor access via the trojaned random number generator, or just change the key back to the original?
In other words, if I have the private key, can I still decrypt Juniper VPN traffic, or no?
-dave
If you're talking about the Dual_EC stuff in ScreenOS, yes, allegedly
Juniper completely removed that RNG:

https://arstechnica.com/security/2016/01/juniper-drops-nsa-developed-code-following-new-backdoor-revelations/
Loading...