[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: possible /dev/random compromise (misplaced trust in RDRAND / Padlock entropy sources)

On 14/12/2013 02:08, Henrique de Moraes Holschuh wrote:
>> kfreebsd 8.3 and 9.0 (wheezy):
>> 	Sets Via chipset to serve /dev/random unconditionally whenever detected,
>> 	but only on i386 (not amd64). Does not support Intel entropy source.
>> 	(see sys/dev/random/probe.c)
> Backporting the fix to these kernels might be a good idea, probably best
> routed through an stable update upload (and not a security upload).

This might be a bit complicated due to significant changes in internal
APIs. I'm also unsure if the yarrow algorithms used in those versions
are good enough for the task.

Perhaps we should just disable Via chipset from sys/dev/random/probe.c.
Would this be a terrible loss for a Technology Preview release?

>> kfreebsd 9.2 (jessie / sid):
>> 	Sets Via or Intel chipset to serve /dev/random when detected,
>> 	unless hw.nehemiah_rng_enable or hw.ivy_rng_enable are set to zero
>> 	to disable them.
> Remove, switch to kfreebsd 10.  Either that, or backport the fix from
> kfreebsd 10.

I tend to favour removal. Releasing with two kernels is a PITA.

What does everyone else think? Is someone interested in having 9.2 in

Robert Millan

Reply to: