Last month, Juniper Networks – a company that supplies security software to the likes of AT&T, Verizon, NATO, and the US Government – reported that it had found what it described as “unauthorised code” – effectively a backdoor – in its NetScreen firewall software, through which it was possible for a third-party to decrypt data sent through it using an encrypted VPN (Virtual Private Network), and that had existed since at least 2012.
Now, Wired reports that Juniper has fallen silent on the matter, refusing to discuss an insecure encryption algorithm within the software that essentially allowed the backdoor to be inserted. Juniper refuses to explain why Dual_EC, a pseudo-random number generator, was included in NetScreen, or why it still exists within the software even after the backdoor revelation.
Stephen Checkoway, a Computer Science lecturer from the University of Chicago, discovered that Juniper knowingly added the insecure Dual_EC to its software, despite having a more secure ANSI algorithm in place. Dual_EC was added to NetScreen version 6.2.0 in either 2008 or 2009, while the vulnerabilities in Dual_EC were revealed in 2007.
Even more explicably, Juniper then changed the nonce (random number string) size within the algorithm, from 20 bytes to 32 bytes. 32 bytes was the optimal size for exploitation by hackers, according to the data revealed in 2007.
“The more output you see [from the generator], the better [it is to crack the encryption],” Checkoway said. “Anything you see over 30 bytes is very helpful. Anything you see less than 30 bytes makes the attack exponentially harder. So seeing 20 bytes makes the attack basically infeasible. Seeing 28 bytes makes it doable, but it takes an amount of time, maybe hours. Seeing 32 bytes makes it take fractions of a second.”
While it was Juniper that revealed the existence of this backdoor, it seems that it facilitated its creation, and has done nothing to fix it since.
According to a new report, the GeForce RTX 5090 GPU will be very expensive. It…
A new AMD processor in the form of an engineering model has been leaked in…
SK Hynix has claimed to be the first company to mass-produce 321-layer NAND memory chips.…
SOUNDS GREAT – Full stereo sound (12W peak power) gives your setup a booming audio…
Special Edition Yoshi design Ergonomic controller shape with Nintendo Switch button layout Detachable 10ft (3m)…
Fluid Motion: These flight rudder pedals are smooth and accurate that enable precise control over…