Juniper Networks to stop using NSA-developed code
11 Jan 2016
Networking products maker Juniper Networks Inc said late on Friday it would stop using a piece of security code that, according to analysts, was developed by the National Security Agency in order to eavesdrop through technology products, Reuters reported.
According to the Silicon Valley maker of networking gear, it would ship new versions of security software in the first half of this year to replace that relied on numbers generated by Dual Elliptic Curve technology.
The statement posted on a blog came a day after the presentation at a Stanford University conference, of research, by a team of cryptographers who found that the company's code had been changed in different ways during 2008 to allow eavesdropping on virtual private network sessions by customers.
The Sunnyvale-based company, last month said it had found and replaced two unauthorised pieces of code that allowed "back door" access, that, according to the researchers had appeared in 2012 and 2014.
According to researcher Hovav Shacham of the Univeristy of California, San Diego, the 2014 back door was straightforward, allowing anyone with the right password to see everything.
Shacham and his fellow investigators said the 2012 code changed a mathematical constant in Juniper's Netscreen products that should have allowed its author to eavesdrop.
Senior VP and CIO Bob Worrall wrote that the Dual_EC and ANSI X9.31 crypto will both be replaced by ''the same random number generation technology currently employed across our broad portfolio of Junos OS products''.
Juniper released an update following the discovery of the ''unauthorised code'', discovered in December.
Stephen Checkoway of the University of Chicago and a group of high-profile collaborators (including Johns Hopkins cryptographer Matt Green and Metasploit's HD More) wrote in December that the ScreenOS Dual_EC implementation inexplicably used a 32-bit 'nonce' (a use-once number generated while initialising an encrypted channel), The Register reported.
The longer nonce made it much easier to recover encrypted communications, and most crypto authors settled on a 20-byte nonce.
