Recommended new article for inclusion: The Juniper Backdoor: A Summary

[dkg]

I noticed that there wasn't a clear reference to the Juniper failures related to DUAL_EC_DRBG in the Encryption Compendium.

This is a deeply informative case study about a range of different policies related to encryption, most prominently the likely backdoored random number generator DUAL_EC_DRBG, its attempt at use in Juniper's ScreenOS, and how this appears to have created an avenue of attack for an unknown third party.

Here's a reasonable link to an overview of the situation:

https://medium.com/@cskemmerer/the-juniper-backdoor-a-summary-209482717cd4

[kernelmethod]

Ah yeah, I'm surprised that there isn't anything on the Dual EC backdoor in there at the moment! I'll see if I can get something added in there in the next couple of weeks.

(A little tangential, but I know that the issue tracker isn't the ideal way to request new compendium entries. Right now the entire compendium curation process is performed by a team in the Law Center, but one of the goals on our roadmap after next month's presentation is to add some sort of public entry submission/suggestion mechanism.)

[dkg]

some recommended tags for this article:

• Dual_EC_DRBG
• NOBUS
• entropy
• vpn
• Juniper
• ScreenOS