
Bug#735448: kfreebsd: trusts the output of VIA hardware RNGs

Package: src:kfreebsd-9
Version: 9.2-1
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>
Control: found -1 9.0-10+deb70.5
Control: found -1 9.0~svn223109-0.1
Control: clone -1 -2
Control: reassign -2 src:kfreebsd-8/8.3-6
Control: found -2 8.2-1
Control: found -2 8.0-1

The kernel of FreeBSD since 5.3 supports the Nehemiah RNG in 32-bit VIA
Eden CPU cores.  Where available, it is used as the sole provider of
/dev/{,u}random (after some post-processing in hardware).

This affects 32-bit Debian kfreebsd-8 and kfreebsd-9 packages.  Since
first being uploaded to sid, kfreebsd-10 had already reworked this
(in SVN r256381) to feed hardware RNGs into Yarrow along with other
entropy sources, so they can be safely used.

Additionally, support for the RNG in 64-bit VIA Nano CPU cores was
added to 64-bit builds of kfreebsd-9, version 9.1 and later.

I've no reason to think that VIA or its chip design subsidiary, both
Taiwanese-owned, were involved in the recently disclosed US NSA
anti-encryption programs.  But it is clear now that we should not rely
exclusively on hardware RNGs any more.

This will likely be fixed in stable by disabling this RNG by default,
as upstream have done in stable/8 and stable/9.  In jessie/sid,
kfreebsd-9 may soon be superseded by kfreebsd-10.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: kfreebsd-amd64 (x86_64)

Kernel: kFreeBSD 9.0-2-amd64-xenhvm
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
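
Added example, not part of the original report and not FreeBSD or Debian code: a sketch contrasting a hardware RNG used as the sole source with one folded into a pool together with other entropy sources, as the report describes for kfreebsd-10. The pool is a simplified SHA-256 construction, not Yarrow, and `BackdooredHwRng`, `MixedPool`, the source names and the sample inputs are hypothetical, constructed for illustration.

```python
import hashlib


class BackdooredHwRng:
    """Constructed stand-in for a hardware RNG whose stream an attacker can predict."""

    def __init__(self, secret=b"known-to-attacker"):
        self._secret, self._ctr = secret, 0

    def read(self, n):
        out = b""
        while len(out) < n:
            out += hashlib.sha256(self._secret + self._ctr.to_bytes(8, "big")).digest()
            self._ctr += 1
        return out[:n]


def sole_source_random(hw, n):
    """Sole-provider design: device output is handed to the caller as-is."""
    return hw.read(n)


class MixedPool:
    """Simplified hash pool (not Yarrow): every source is folded into one state."""

    def __init__(self):
        self._state, self._ctr = b"\x00" * 32, 0

    def add_entropy(self, source_id, data):
        # Length-prefix both fields so distinct (source, data) pairs cannot collide.
        msg = (len(source_id).to_bytes(2, "big") + source_id
               + len(data).to_bytes(4, "big") + data)
        self._state = hashlib.sha256(self._state + msg).digest()

    def read(self, n):
        out = b""
        while len(out) < n:
            self._ctr += 1
            out += hashlib.sha256(b"out" + self._state + self._ctr.to_bytes(8, "big")).digest()
        # Ratchet the state so earlier output cannot be recomputed from a later state.
        self._state = hashlib.sha256(b"next" + self._state).digest()
        return out[:n]


def mixed_random(hw, other_sources, n):
    """Mixed design: hardware bytes are one input among several."""
    pool = MixedPool()
    pool.add_entropy(b"hw", hw.read(32))
    for name, data in other_sources:
        pool.add_entropy(name, data)
    return pool.read(n)
```

With the sole-source function, anyone who can predict the device stream predicts the output exactly; with the pool, the same device stream yields different output as soon as any other input differs, so the device alone no longer determines what callers receive.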
