ANSI X9.31 RNG Static Keys in Source Code Result in DUHK Vulnerability

Three cryptography researchers have disclosed a weakness in the way a number of vendors implemented ANSI X9.31, a block-cipher-based random number generator (RNG) that NIST deprecated in 2011 and removed from the FIPS 140-2 approved algorithm list in January 2016. The attack, dubbed DUHK for "Don't Use Hard-coded Keys," affects products from at least a dozen vendors. ANSI X9.31 derives every output block from a fixed block-cipher key, a timestamp, and an internal state that is seeded from a secret value and updated after each block; the design is only secure while that key remains secret. Some vendors shipped the key hard-coded in their product, where anyone with a copy of the firmware or binary can extract it. An attacker who knows the key and observes some of the generator's output in the clear (for example, a nonce sent during a VPN or TLS handshake) can brute-force the one remaining unknown input, the timestamp, reconstruct the generator's internal state without ever learning the seed, and predict all of its subsequent output, including the session keys that protect the connection. This permits passive decryption of traffic handled by the affected products, including virtual private network (VPN) connections as well as encrypted web browser sessions.

Affected products include the BeCrypt Cryptographic Library, Cisco Aironet, DeltaCrypt FIPS Module, Fortinet's FortiOS, MRV Communications' LX-4000T/LX-8020S, Neoscale's CryptoStor, Neopost's Postal Security Devices, Renesas' AE57C1, TechGuard's PoliWall-CCF, Tendyron's OnKey193, ViaSat's FlagStone Core, and the Vocera Cryptographic Module. Many of these vendors have since removed ANSI X9.31 from their products, and there are currently no known instances of DUHK being exploited in the wild. Products certified after January 2016 are not vulnerable, since ANSI X9.31 was no longer an approved algorithm at that point. The NJCCIC recommends that users and administrators of the affected products review the DUHK attack website, read the associated paper, and apply updates to affected products when available.
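To make the mechanism concrete, the following Python program is an added worked example (it is not NJCCIC's code, nor the DUHK researchers'): it implements the ANSI X9.31 generator structure and the state-recovery attack that a known static key makes possible. Everything beyond the generator's I/R/V structure is an assumption introduced here: a small SHA-256-based Feistel network stands in for the real 3DES/AES block cipher, the victim feeds a monotonically increasing counter with a fixed per-block stride as the generator's timestamp input, the hard-coded key, per-device seed and timestamps are constructed values, and the handshake layout (a 16-byte nonce sent in the clear followed by one block of session key) is a simplification of a real VPN or TLS handshake.

```python
# Added example: ANSI X9.31 generator and the DUHK state-recovery attack.
# Not code from NJCCIC or the DUHK authors. The block cipher is a toy
# Feistel network (assumption: stands in for 3DES/AES); key, seed and
# timestamps are constructed values.
import hashlib
import struct

BLOCK = 8  # 64-bit blocks, as in the 3DES-based X9.31 variant

# Constructed: the key a vendor baked into every unit's firmware.
HARDCODED_KEY = bytes.fromhex("0123456789abcdef0123456789abcdef")


def _round(key: bytes, rnd: int, half: int) -> int:
    """Keyed round function: SHA-256(key || round || half), truncated to 32 bits."""
    data = key + bytes([rnd]) + half.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 64-bit block cipher: 8-round balanced Feistel network (assumption:
    a stand-in for 3DES/AES; the attack does not depend on the cipher)."""
    left, right = struct.unpack(">II", block)
    for rnd in range(8):
        left, right = right, left ^ _round(key, rnd, right)
    return struct.pack(">II", left, right)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class X931:
    """ANSI X9.31 RNG: key K is fixed for the life of the device, V is the
    secret seed that evolves with every output block, T is a timestamp."""

    def __init__(self, key: bytes, seed: bytes) -> None:
        self.key = key
        self.v = seed

    def next_block(self, t: int) -> bytes:
        i = encrypt_block(self.key, t.to_bytes(BLOCK, "big"))  # I  = E_K(T)
        r = encrypt_block(self.key, xor(i, self.v))             # R  = E_K(I xor V)
        self.v = encrypt_block(self.key, xor(r, i))             # V' = E_K(R xor I)
        return r


def victim_handshake(seed: bytes, t_start: int, stride: int):
    """Simplified device: emits a 16-byte nonce in the clear, then draws one
    block of session key from the same generator. Assumption: T is a counter
    that advances by a fixed stride per output block."""
    rng = X931(HARDCODED_KEY, seed)
    nonce = rng.next_block(t_start) + rng.next_block(t_start + stride)
    session_key = rng.next_block(t_start + 2 * stride)
    return nonce, session_key


def duhk_recover(key: bytes, nonce: bytes, t_lo: int, t_hi: int, max_stride: int):
    """Attacker side: knows K (extracted from firmware), sees the nonce, and
    knows roughly when it was generated. The seed is never needed: one observed
    block R1 plus a guessed T fixes V' = E_K(R1 xor E_K(T)), after which every
    later output is computable. The second nonce block confirms the guess.
    Returns (t, stride, predicted_session_key) or None."""
    r1, r2 = nonce[:BLOCK], nonce[BLOCK:]
    for t in range(t_lo, t_hi):
        i1 = encrypt_block(key, t.to_bytes(BLOCK, "big"))
        v2 = encrypt_block(key, xor(r1, i1))  # state after block 1, without the seed
        for d in range(1, max_stride + 1):
            i2 = encrypt_block(key, (t + d).to_bytes(BLOCK, "big"))
            if encrypt_block(key, xor(i2, v2)) != r2:
                continue  # wrong (t, stride) guess
            v3 = encrypt_block(key, xor(r2, i2))
            i3 = encrypt_block(key, (t + 2 * d).to_bytes(BLOCK, "big"))
            return t, d, encrypt_block(key, xor(i3, v3))
    return None


def demo():
    """End to end: the predicted key equals the victim's real session key."""
    # Constructed: per-device secret seed and a microsecond-style timestamp.
    seed = hashlib.sha256(b"per-device secret seed").digest()[:BLOCK]
    t_start, stride = 1_500_000_000_123_456, 3
    nonce, session_key = victim_handshake(seed, t_start, stride)
    # The attacker knows the timestamp only to within +/-500 ticks and the stride to within 8.
    guess = duhk_recover(HARDCODED_KEY, nonce, t_start - 500, t_start + 500, 8)
    return guess, session_key


if __name__ == "__main__":
    (t, d, predicted), real = demo()
    print("recovered T=%d stride=%d, session key match: %s" % (t, d, predicted == real))
```

The point to take away is that the per-device seed never enters the attacker's computation: once K is public, the only remaining unknown is T, and a timestamp is not a secret. The brute-force window here is deliberately small; the real search space is larger but still within reach of an attacker who knows roughly when a handshake took place.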