Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Security

Questions Linger As Juniper Removes Suspicious Dual_EC Algorithm (threatpost.com) 78

msm1267 writes: Juniper Networks has removed the backdoored Dual_EC DRBG algorithm from its ScreenOS operating system, but new developments show Juniper deployed Dual_EC long after it was known to be backdoored. Stephen Checkoway, assistant professor of computer science at the University of Illinois at Chicago, said that he and a number of crypto experts looked at dozens of versions of Juniper's NetScreen firewalls and learned that ANSI X9.31 was used exclusively until ScreenOS 6.2 when Juniper added Dual_EC. It also changed the size of the nonce used with ANSI X9.31 from 20 bytes to 32 bytes for Dual_EC, giving an attacker the necessary output to predict the PRNG output. 'And at the same time, Juniper introduced what was just a bizarre bug that caused the ANSI generator to never be used and instead just use the output of Dual_EC. They made all of these changes in the same version update.'
This discussion has been archived. No new comments can be posted.

Questions Linger As Juniper Removes Suspicious Dual_EC Algorithm

Comments Filter:
  • by 93 Escort Wagon ( 326346 ) on Monday January 11, 2016 @11:12PM (#51283897)

    We really need to resurrect the House Un-American Activities panel. It sure seems to me that the NSA is hellbent on destroying American networking and computing companies - and that's about as Un-American as it gets.

    • by Pseudonym ( 62607 ) on Monday January 11, 2016 @11:40PM (#51284031)

      I'm not American, and even I know that's not what you want. What you want is a new round of Church [wikipedia.org] and Pike [wikipedia.org] committee hearings.

    • NSA = No Sales for America

      I find it shocking that articles about the NSA seem to start from the assumption that, except for the theft of a huge amount of data by an employee of a sub-contractor, Edward Snowden [wikipedia.org], the NSA is well managed. To me, it is utterly obvious that the NSA is not well managed.

      If NSA employees can listen to all telephone calls, do you think that none of them notice an increase of traffic at a company and listen to the recordings to find stock tips?

      My perception is that governments don't manage technology companies well. (NASA and the U.S. Department of Energy, for example.) Part of the reason is that the best technology people want to work for organizations that are known for their good work. A government, especially a secret government agency, cannot hire the kind of people who are creative with technology. What technology genius wants to go to prison if he talks about his work?

      I posted links to 8 more articles about Juniper Networks below [slashdot.org]. A quote from one of them:

      "Cryptographic backdoors are one of the best ways for attackers to break into systems. '[The backdoors] take care of the hard work, the laying of plumbing and electrical wiring, so attackers can simply walk in and change the drapes,' Green said."

      It is definitely not reasonable to think that the NSA can hire people who are smarter than all those who want to break into computer systems. Cryptographic backdoors are a bad idea, and not only because they kill the sales of any nation that sponsors them.

      When a government agency can break into any company's affairs, do you think the managers never take advantage of that information to make money?

      Who chooses the sub-contractors, and decides how much they are paid? Suppose a relative of an NSA manager owns a contracting company?

      Secrecy causes huge problems. It is difficult or impossible to review the quality of management. Bad managers can hide their mistakes. That effectively assures that the management will be poor.

      Also, democracy works only if citizens can know what the government is doing.

      The NSA is based on an idea that just does not function correctly, and cannot be made to function correctly.
      • by swb ( 14022 )

        But technology people go to work for all kinds of companies who do boring work nobody wants to hear about. Or they go to work for a company which maybe a lot of people DO want to hear about, like Apple, but they sign all kinds of secret contracts the swear them to secrecy and ruinous poverty if they reveal them.

        And I think many people in technology work because the technology itself is interesting to work with, the purpose for which it is being used for, whether selling rutabagas or insurance, they really

      • If NSA employees can listen to all telephone calls, do you think that none of them notice an increase of traffic at a company and listen to the recordings to find stock tips?

        Bingo. Through this abuse, the NRA is now self-funding (at least for off-shore executive 'bonuses').

    • We really need to resurrect the House Un-American Activities panel. It sure seems to me that the NSA is hellbent on destroying American networking and computing companies - and that's about as Un-American as it gets.

      Maybe we could get Trump to run it...

      (joking)

  • by Anonymous Coward

    They were a backdoored company with backdoored code running a backdoored algorithm. What's the question? Never buy anything they ever touch again. They are just poison.

    If there's a question in your mind, you aren't thinking clearly.

    • by Hizonner ( 38491 )

      That's dumb.

      There are going to be spooks out there trying to subvert any major company. Probably spooks from more than one place. They will pressure the bosses. They will pressure peons without telling the bosses. They will penetrate. They will infiltrate. They will do it to everybody. That is what spooks do.

      And they'll get success more or less at random. And that's on top of all the "organic" bugs they will find and exploit.

      And people move between these companies all the time.

      The strangest thing about this

      • That's dumb.

        There are going to be spooks out there trying to subvert any major company. Probably spooks from more than one place. They will pressure the bosses. They will pressure peons without telling the bosses. They will penetrate. They will infiltrate. They will do it to everybody. That is what spooks do.

        And they'll get success more or less at random. And that's on top of all the "organic" bugs they will find and exploit.

        And people move between these companies all the time.

        The strangest thing about this Juniper back door is how obvious it was. Maybe it was a rookie agent.

        The lesson you need to take from this is that you can't really trust anything against certain adversaries unless you built it yourself. And then you can't trust the parts. So if the spooks are your worry, you'd better defend in depth and keep off the radar.

        I don't understand why their share value hasn't dropped like a stone

        • Because what is the alternative to Juniper? Cisco? Alcatel? Huawei? Most likely they have the same issues.
    • by scsirob ( 246572 ) on Tuesday January 12, 2016 @05:22AM (#51285083)

      Intel has just acknowledged a bug in their Skylake CPU's that surfaces when calculating prime numbers. Prime numbers happen to be heavily used in crypto. Is this a genuine bug, or a microcode backdoor-gone-rogue that can be exploited by some agencies?
      https://communities.intel.com/... [intel.com]

      So are you never going to buy an Intel product again?

    • Have you ever considered that they did all of these things in the same release because they WANTED to tell the world but couldn't? Think about it.

  • Should we go back to telnet?

    • No, but its replacement SSH is fine. Just encrypt your data prior to the SSL send and decrypt it on the other end of the SSL link. They might get your SSL encrypted data, but that is where the real work begins.
    • What do you mean GO BACK to telnet? Juniper still uses telnet. TFA (the friendly article) says . . .

      "The announcement comes just shy of a month after Juniper said it had found unauthorized code in ScreenOS that allowed for the decryption of NetScreen firewall traffic and a second issue that allowed for remote unauthorized access to NetScreen appliances via SSH or telnet."
  • Meet face to face, use a one time pad, number stations. Type on paper in a secure vault.
    At a national level stop importing and using export grade junk standard crypto and create your own trusted networking systems.
    It will be expensive, slow, hard to cool, power demanding work but it will be your own system that is fully tested and understood from the domestic fab up.
    Local staff and experts loyalties are a lot more easy to ensure long term than allowing fully imported hardware on secure gov networks.
    It
  • The NSA is strong in this one. Feel the NSA Luke! Feel its power! Be drawn in to the power of the ??? side...

  • by Foxhoundz ( 2015516 ) on Monday January 11, 2016 @11:42PM (#51284043)
    I think the NSA is doing what NSA needs to do. That being said, if they forcefully compel a company to allow backdoor into products, the government should be prepared accept all subsequent financial liability (that is, bail out the company) that would likely arise as a result of the would-be PR disaster. No private company should stick their neck out for the government.
    • To accept any level of liability is tantamount to an admission of guilt. Don't hold your breath.
    • The NSA is actually going against their mission statement. Their job is to collect data from outside the country and make sure the networks inside this country are secure. With them inserting backdoors into routers, and having supposedly broken SSL/TLS and not revealing to anyone what the security holes are, or how they're able to decrypt traffic, they moved way past their directive and are going to destroy silicone valley at some point.
    • They work in the opposite way. If you don't do what they want, then they blackball you and f*** you over as much as possible, even going so far as to trump up some charges for your CEO after they do everything they can to bankrupt you.

    • Are you insane? (Score:5, Insightful)

      by Okian Warrior ( 537106 ) on Tuesday January 12, 2016 @01:03AM (#51284291) Homepage Journal

      I think the NSA is doing what NSA needs to do. That being said, if they forcefully compel a company to allow backdoor into products, the government should be prepared accept all subsequent financial liability (that is, bail out the company) that would likely arise as a result of the would-be PR disaster. No private company should stick their neck out for the government.

      Are you nuts?

      An entrepreneur with an idea starts a business, builds it over the course of many years, has a sizeable value and clientelle and personal integrity and a duty to stockholders.

      The NSA compels him to put a backdoor in his product, so that if it's found out he loses credibility, his business loses value, clients (especially international ones) flee to other products, stockholders lose value, and in all probability workers lose jobs...

      And you think this is OK because the government will bail him out?

      Bail out what?

      The company might very well be irrecoverable, and in any event the owner might want the company more than its monetary book value (because he likes running the business, or because he wants to leave something to his kids), and the government isn't known for paying book value on eminent domain seisures.

      In addition, knowing that the NSA does this to one company, customers abroad assume that they have done this to many others, and avoid American products in general. Our economy takes a big hit, people are unemployed and miserable, the government has less tax money to do things, and we're less safe because of it.

      Your position has no rational logic. Are you insane?

    • I think the NSA is doing what NSA needs to do. That being said, if they forcefully compel a company to allow backdoor into products, the government should be prepared accept all subsequent financial liability (that is, bail out the company) that would likely arise as a result of the would-be PR disaster. No private company should stick their neck out for the government.

      And what about the trickle down damage to end customers or anyone in the compromised chain? Maybe said victims have gone out of business or committed suicide as a result of the compromise of private information that wouldn't have otherwise been compromised - how do you give that back to them with money?

      No. The government should not require companies to put back doors in security products as all it does is increase insecurity for the sake of security theater.

  • by Anonymous Coward

    Firefox turned off SHA-1 signed certificates as of Jan 1, 2016. Good riddance. SHA-1 was weak. And all was well until last week.

    It seems someone went and filed a bug report about being stuck behind an old security filter that still uses SHA-1 and now they can't do https. Sorry about that. Maybe we could offer an optional patch to get you folks back on line until your crappy IT department gets its act together and fixes your firewall. And the rest of the world could go on about their business, knowing that

  • Why Dual EC? (Score:5, Interesting)

    by TechyImmigrant ( 175943 ) on Tuesday January 12, 2016 @01:50AM (#51284425) Homepage Journal

    I'm an implementor of non backdoored RNGs that are very widely deployed. However to be able to do that well you need to understand the many ways how to backdoor RNGs, so you can take preventative measures to prevent other people backdooring your design.

    So I know many ways to backdoor an RNG. If I was trying to do that, why would I choose an RNG that was already widely known to be backdoored?

    So either they are back at backdooring, or not good at not backdooring.

    • Re:Why Dual EC? (Score:4, Informative)

      by ioErr ( 691174 ) on Tuesday January 12, 2016 @08:26AM (#51285677)

      ScreenOS uses Dual EC in a strange, non-standard way. Rather than generating all of their random numbers with Dual EC (which would be slow), they only use Dual EC to generate a seed for a fast 3DES-based generator called ANSI X9.17. Since that generator is actually FIPS-140 approved and generally believed to be sufficient to the purpose, it's not clear what value Dual EC is really adding to the system in the first place -- except, of course, its usefulness as a potential backdoor.

      The good news here is that the post-processing by ANSI X9.17 should kill the Dual EC backdoor, since the attack relies on the attacker seeing raw output from Dual EC. The ANSI generator appears to completely obfuscate this output, thus rendering Dual EC "safe". This is indeed the argument Juniper made in 2013 when it decided to leave the Dual EC code in ScreenOS.

      http://blog.cryptographyengine... [cryptograp...eering.com]

      • >3DES-based generator called ANSI X9.17. Since that generator is actually FIPS-140 approved

        Not any more it isn't. X9.82/SP800-90 replaced it and X9.17 has now been deprecated for FIPS 140 module certification.

  • NSA Helped British Spies Find Security Holes In Juniper Firewalls [theintercept.com] Quote: "... British spy agency GCHQ, with the knowledge and apparent cooperation of the NSA, acquired the capability to covertly exploit security vulnerabilities in 13 different models of firewalls made by Juniper Networks..."

    Secret Code Found in Juniper's Firewalls Shows Risk of Government Backdoors [wired.com] Quote: "This is a very good showcase for why backdoors are really something governments should not have in these types of devices because at some point it will backfire."

    New Discovery Around Juniper Backdoor Raises More Questions About the Company [wired.com] Quote: "Juniper added the insecure algorithm to its software long after the more secure one was already in it, raising questions about why the company would have knowingly undermined an already secure system."

    Juniper 'fesses up to TWO attacks from 'unauthorised code' [theregister.co.uk]

    'Unauthorized code' that decrypts VPNs found in Juniper's ScreenOS [theregister.co.uk] Quote: "And it may have been there since 2008, making this a late contender for FAIL of the year."

    How to log into any backdoored Juniper firewall -- hard-coded password published [theregister.co.uk]

    Juniper promises to fix ScreenOS cryptography ... eventually [infoworld.com]

    Listen up, FBI: Juniper code shows the problem with backdoors [infoworld.com] Quote: "FBI director James Comey should be taking notes: The Juniper debacle shows why security experts are up in arms over government-ordered backdoors."

    Another quote from that article:

    "Cryptographic backdoors are one of the best ways for attackers to break into systems. '[The backdoors] take care of the hard work, the laying of plumbing and electrical wiring, so attackers can simply walk in and change the drapes,' Green said.
  • I think the NSA is doing what NSA needs to do.

    Based on what evidence? What do you know about how any of this was leveraged or why it was done?

    That being said, if they forcefully compel a company to allow backdoor into products,

    What do you mean by force? Withholding contracts? Bribes? Vindictive leverage of regulatory sticks?

    the government should be prepared accept all subsequent financial liability (that is, bail out the company) that would likely arise as a result of the would-be PR disaster.

    LOL

    No private company should stick their neck out for the government.

    Have no fear CISA is here.

  • Who's On Our Side? (Score:4, Interesting)

    by mentil ( 1748130 ) on Tuesday January 12, 2016 @03:34AM (#51284723)

    Step 1: Privately encourage companies to utilize 'govt. compliant' encryption routines 'for security purposes', implied to be tied to govt. contracts.
    Step 2: Hire everyone you can who has the education needed to understand said cryptographic schemes. No amount of money is too high.
    Step 3: Enjoy the brain drain. Every person who works for you is a person who doesn't work for those you want to surveil (i.e. everyone else).
    Step 4: Watch public and private sector security researchers be overwhelmed by the sheer number of ways and places to be compromised, and realize you don't have to backdoor everything your targets use, merely ONE of the things they use. Of course, very few researchers who can understand the cryptography involved, aren't on your payroll.

    TL;DR: the attackers outnumber the defenders so overwhelmingly that the latter can't keep up with the former.

  • Leave it up to /. to assume it's about some giant conspiracy. In reality it's almost definitely about an elliptical curve patent troll. Aka most companies don't care about politics, they care about money.

    http://www.theregister.co.uk/2... [theregister.co.uk]

    Tons of companies have been sued over this in the last few months. Given the perfectly good alternatives, why would any company not remove EC from their products?

Uncertain fortune is thoroughly mastered by the equity of the calculation. - Blaise Pascal

Working...