On 2017-04-20 12:37, Dave Aitel wrote:
> Did Juniper actually fix the many bugs that led to the potential for backdoor
> access via the trojaned random number generator, or just change the key back
> to the original?
>
> In other words, if I have the private key, can I still decrypt Juniper VPN
> traffic, or no?
>
> -dave
If you're talking about the Dual_EC stuff in ScreenOS, yes, allegedly
Juniper completely removed that RNG:
https://arstechnica.com/security/2016/01/juniper-drops-nsa-developed-code-following-new-backdoor-revelations/
_______________________________________________
Dailydave mailing list
Dailydave@lists.immunityinc.com
https://lists.immunityinc.com/mailman/listinfo/dailydave
