Green: On the Juniper backdoor
Here's an interesting article from cryptographer Matthew Green on how the Juniper backdoor is the least interesting part of this whole episode. "Thus Dual EC is safe only if you assume no tiny bug in the code could accidentally leak out 30 bytes or so of raw Dual EC output. If it did, this would make all subsequent seeding calls predictable, and thus render all numbers generated by the system predictable. In general, this would spell doom for the confidentiality of VPN connections. And unbelievably, amazingly, who coulda thunk it, it appears that such a bug does exist in many versions of ScreenOS, dating to both before and after the 'unauthorized code' noted by Juniper."