“But since that revelation, Juniper—whose customers include AT&T, Verizon, NATO and the US government—has refused to answer any questions about the backdoor, leaving everyone in the dark about a number of things. Most importantly, Juniper hasn’t explained why it included an encryption algorithm in its NetScreen software that made the unauthorized party’s backdoor possible. The algorithm in question is a pseudo-random number generator known as Dual_EC, which the security community had long warned was insecure and could be exploited for use as a backdoor. Whoever created the backdoor in Juniper’s software did exactly this, hijacking the insecure Dual_EC algorithm to make their secret portal work.

Now new information uncovered by a researcher in Chicago makes Juniper’s decision to use this algorithm even more questionable.”

Source: New Discovery Around Juniper Backdoor Raises More Questions About the Company | WIRED