Knowledge Search

Juniper will use this document to comment on whether Dual Elliptic Curve Deterministic Random Bit Generator (aka Dual_EC_DRBG) is used by any Juniper Networks products.

Due to recent statements (top of page #2) by the US National Institute of Standards and Technology (NIST) concerning the security of the Dual_EC_DRBG cryptographic algorithm, Juniper Networks would like to make the following statements:

The following product families do not utilize Dual_EC_DRBG:

1. Junos - Any product running Junos OS
2. Junos Pulse Secure Access Service (SSL-VPN / IVE OS)
3. Junos Pulse Access Control Service (UAC)
4. Junos Pulse
5. Junos Space
6. JunosE
7. CTP/CTPView

The following product families do utilize Dual_EC_DRBG, but do not use the pre-defined points cited by NIST:

1. ScreenOS*

* ScreenOS does make use of the Dual_EC_DRBG standard, but not in a way that should be vulnerable to the possible issues described by NIST. Instead of using the NIST recommended curve points, ScreenOS uses self-generated basis points.