by matthewdgreen 3839 days ago
However: even in this setting, all it takes is a single unauthorized call to Dual EC and an exfiltration of 240 bits to obtain the values used in all subsequent re-seeding of the ANSI generator. We already know there is unauthorized code in ScreenOS based on Juniper's admission. So the next step is to determine whether something like this has occurred.
1 comment

If code was added to leak the state of the PRNG, then whether or not Dual EC is used becomes a non-issue. The person who created the backdoor could leak the state regardless of which PRNG was used.
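The mechanism matthewdgreen's comment relies on, worked through as an added example (this is not code from the thread, from Juniper, or from ScreenOS): Dual EC outputs the x-coordinate of s·Q with the top 16 bits dropped; whoever knows d with d·Q = P can lift that x-coordinate back to the point s·Q, multiply by d to get s·P, and so obtain the generator's next state, which in ScreenOS is the material that seeds the ANSI X9.31 generator. Assumptions made here: the curve is P-256 with P as the standard generator; Q is constructed from a known e so that d = e^-1 mod n is available to the attacker; the attacker also sees one later output block to tell the right candidate from the roughly 2^15 wrong lifts; and the demo drops 8 bits instead of the standard 16 so the unoptimized pure-Python search finishes in seconds (trunc_bits=16 is the real 2^16 search, same code, about 256 times the work). The X9.31 side is not modelled; the predicted blocks stand in for its future reseeds.

```python
"""Dual EC DRBG backdoor on P-256: recover state from one truncated output.
Added example; not ScreenOS, Juniper, or the commenter's code."""

# NIST P-256 domain parameters (FIPS 186-4).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def ec_add(p1, p2):
    """Affine addition on y^2 = x^3 + Ax + B mod P; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def lift_x(x):
    """Point with x-coordinate x, or None if x is not on the curve.
    P = 3 mod 4, so rhs^((P+1)/4) is a square root when one exists."""
    rhs = (x * x * x + A * x + B) % P
    y = pow(rhs, (P + 1) // 4, P)
    return (x, y) if y * y % P == rhs else None


class DualEC:
    """Minimal Dual EC DRBG (SP 800-90A shape, no additional input):
    s_i = x(s_{i-1}*P), r_i = x(s_i*Q), output r_i with its top trunc_bits dropped."""

    def __init__(self, seed, Q, trunc_bits=16):
        self.s, self.Q, self.trunc_bits = seed, Q, trunc_bits

    def next_block(self):
        self.s = ec_mul(self.s, G)[0]
        r = ec_mul(self.s, self.Q)[0]
        return r & ((1 << (256 - self.trunc_bits)) - 1)


def recover_state(block, next_block, Q, d, trunc_bits):
    """Attacker side: knows d with d*Q = G. For each guess of the dropped top bits,
    lift R = s_i*Q from x, compute x(d*R) = x(s_i*G) = s_{i+1}, and keep the guess
    whose predicted following block matches the one observed. Either square root
    of y works, since x(d*R) = x(d*(-R))."""
    keep = 256 - trunc_bits
    for top in range(1 << trunc_bits):
        x = (top << keep) | block
        if x >= P:
            break
        R = lift_x(x)
        if R is None:
            continue
        s_next = ec_mul(d, R)[0]
        if ec_mul(s_next, Q)[0] & ((1 << keep) - 1) == next_block:
            return s_next
    return None


def demo(trunc_bits=8,
         seed=0x3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa98ec4e6c,
         e=0x243f6a8885a308d313198a2e03707344a4093822299f31d0082efa98ec4e6c89):
    """Constructed scenario: the backdoor designer picks e, publishes Q = e*G and
    keeps d = e^-1 mod N. One leaked block plus one later block lets the attacker
    clone the generator and predict every block after that. Returns True on success."""
    Q = ec_mul(e, G)
    d = pow(e, N - 2, N)              # d*Q = d*e*G = G
    victim = DualEC(seed, Q, trunc_bits)
    leaked = victim.next_block()      # the single exfiltrated output
    later = victim.next_block()       # assumed also visible to the attacker
    s = recover_state(leaked, later, Q, d, trunc_bits)
    if s is None:
        return False
    clone = DualEC(s, Q, trunc_bits)  # clone now holds the victim's current state
    return [clone.next_block() for _ in range(3)] == [victim.next_block() for _ in range(3)]


if __name__ == "__main__":
    print("attacker predicts all later blocks:", demo())
```

The residue test in lift_x throws away about half the candidates cheaply; the cost is in the two scalar multiplications per survivor, which is why a real attacker runs this in optimized native code rather than Python.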