Juniper Networks product information about Dual_EC_DRBG

  [KB28205] Show Article Properties


Summary:
Juniper will use this document to comment on whether Dual Elliptic Curve Deterministic Random Bit Generator (aka Dual_EC_DRBG) is used by any Juniper Networks products.
Solution:

Due to recent statements (top of page #2) by the US National Institute of Standards and Technology (NIST) concerning the security of the Dual_EC_DRBG cryptographic algorithm, Juniper Networks would like to make the following statements:

The following product families do not utilize Dual_EC_DRBG:
  1. Junos - Any product running Junos OS
  2. Junos Pulse Secure Access Service (SSL-VPN / IVE OS)
  3. Junos Pulse Access Control Service (UAC)
  4. Junos Pulse
  5. Junos Space
  6. JunosE
  7. CTP/CTPView
The following product families do utilize Dual_EC_DRBG, but do not use the pre-defined points cited by NIST:
  1. ScreenOS*
* ScreenOS does make use of the Dual_EC_DRBG standard, but not in a way that should be vulnerable to the possible issues described by NIST. Instead of using the NIST recommended curve points, ScreenOS uses self-generated basis points.
Related Links: