On Juniper’s Backdoor and the NSA’s Role

Great post on the Juniper backdoor from Adam Langley:

Again, assuming this hypothesis is correct then, if it wasn’t the NSA who did this, we have a case where a US government backdoor effort (Dual-EC) laid the groundwork for someone else to attack US interests. Certainly this attack would be a lot easier given the presence of a backdoor-friendly RNG already in place. And I’ve not even discussed the SSH backdoor which, as Wired notes, could have been the work of a different group entirely.

It’s probably necessary to read Langley’s post to fully comprehend this, but here it is in a nutshell: the NSA compromised Dual-EC, which allowed them to potentially predict numbers generated by a “random” number generator. And Juniper used Dual-EC as part of its security efforts, but not in the recommended (read: backdoored) way.
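
To make that summary concrete, here is an added example (not from Langley’s post or from Juniper’s code) of a Dual-EC-style generator on a toy curve, showing why whoever chose the two public points can predict later output while everyone else cannot. The curve, the prime, the trapdoor value `d` and the 8 dropped bits are constructed assumptions; the real generator uses NIST curves and drops 16 bits.

```python
# Toy Dual-EC-style generator on a constructed curve (not NIST's or Juniper's constants).
p = 2**127 - 1   # field prime; p % 4 == 3, so a square root is a single pow()
A, B = 2, 3      # curve y^2 = x^3 + A*x + B over F_p
KEEP = 119       # output bits kept; the top 8 bits of each x-coordinate are dropped

def add(P1, P2):  # affine point addition; None is the point at infinity
    if P1 is None or P2 is None: return P1 or P2
    (x1, y1), (x2, y2) = P1, P2
    if x1 == x2 and (y1 + y2) % p == 0: return None
    if P1 == P2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def lift(x):
    """Return a curve point with this x-coordinate, or None if none exists."""
    rhs = (x**3 + A * x + B) % p
    y = pow(rhs, (p + 1) // 4, p)
    return (x, y) if y * y % p == rhs else None

Q = next(pt for pt in map(lift, range(1, 100)) if pt)  # public constant
d = 0xC0FFEE1234567   # constructed trapdoor, known only to whoever picked the constants
P = mul(d, Q)         # second public constant, secretly related to Q

def dual_ec(seed, n):
    """n outputs: state s <- x(s*P), then emit the low KEEP bits of x(s*Q)."""
    out, s = [], seed
    for _ in range(n):
        s = mul(s, P)[0]
        out.append(mul(s, Q)[0] % (1 << KEEP))
    return out

def predict_next(o1, o2):
    """Trapdoor holder: from two observed outputs, predict the third."""
    for hi in range(1 << (127 - KEEP)):
        R = lift((hi << KEEP) | o1)            # candidate for s1*Q
        if R is None: continue
        s2 = mul(d, R)[0]                      # d*(s1*Q) = s1*P; its x is the next state
        if mul(s2, Q)[0] % (1 << KEEP) == o2:  # confirm against the second output
            return mul(mul(s2, P)[0], Q)[0] % (1 << KEEP)
```

The generator’s security rests entirely on nobody knowing the relation between `P` and `Q`, which is why the provenance of those constants matters more than how the generator is seeded.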

Maybe this infiltration would allow the NSA to monitor data sent over Juniper Networks’ hardware, or perhaps it’s unrelated to them. But the very introduction of any backdoor has significantly depleted the security of Juniper’s hardware.

Some may feel that it’s in the U.S. government’s best interests to be allowed to monitor secure connections for possible illegal activity, but it is technically impossible to create a system that only permits connections from American intelligence agencies. If the U.S. is allowed access, why not China? Does that make U.S. intelligence agencies squirm?

Good. That’s how the rest of the world feels.