Juniper will use this document to comment on whether Dual Elliptic Curve Deterministic Random Bit Generator (aka Dual_EC_DRBG) is used by any Juniper Networks products.
Due to recent statements (top of page #2) by the US National Institute of Standards and Technology (NIST) concerning the security of the Dual_EC_DRBG cryptographic algorithm, Juniper Networks would like to make the following statements:
The following product families do not utilize Dual_EC_DRBG:
Junos - Any product running Junos OS
Junos Pulse Secure Access Service (SSL-VPN / IVE OS)
Junos Pulse Access Control Service (UAC)
The following product families do utilize Dual_EC_DRBG, but do not use the pre-defined points cited by NIST:
* ScreenOS does make use of the Dual_EC_DRBG standard, but not in a way that should be vulnerable to the possible issues described by NIST. Instead of using the NIST recommended curve points, ScreenOS uses self-generated basis points.