Bug#735450: kfreebsd-9: trusts the output of Intel hardware RNGs

Package: src:kfreebsd-9
Version: 9.2-1
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>
Control: fixed -1 9.1-3
Control: fixed -1 9.0-12
Control: fixed -1 9.0-10+deb70.5

The kernel of FreeBSD since 9.2 supports the Bull Mountain RNG in Intel
Ivy Bridge CPUs.  Where available, it is used as the sole provider of
/dev/{,u}random without any post-processing.

Much suspicion has fallen on Intel as being a participant in, or target
of, the US NSA's BULLRUN anti-encryption program, somehow compromising
the security of hardware RNGs and thus anything relying on them.  Either
way, we don't know that we can trust the raw output of these RNGs any more.

Since first being uploaded to sid, kfreebsd-10 had already reworked
this (in SVN r256381) to feed hardware RNGs into Yarrow along with
other entropy sources, so they can be safely used.

Upstream disabled this RNG by default in stable/9.  In jessie/sid,
kfreebsd-9 may soon be superseded by kfreebsd-10.
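A simplified illustration of the mixing approach the report describes, added here and not taken from FreeBSD's random(4) or the kfreebsd-10 change: a Yarrow-style pool hashes every source into an accumulator, so a hardware sample that an adversary can reproduce does not by itself determine the output. The source names and the jitter samples are constructed for the example.

```python
import hashlib


class EntropyPool:
    """Simplified Yarrow-style pool (an illustration, not FreeBSD's random(4)):
    every source is hashed into one accumulator that seeds the output key."""

    def __init__(self):
        self._acc = hashlib.sha256()
        self._key = None
        self._counter = 0

    def add_entropy(self, source: str, data: bytes) -> None:
        # Tag each input with its source name and length so samples from
        # different sources cannot be confused when concatenated.
        self._acc.update(source.encode())
        self._acc.update(len(data).to_bytes(4, "big"))
        self._acc.update(data)

    def reseed(self) -> None:
        # Fold the accumulator into the generator key; the previous key is
        # mixed in too, so reseeding never discards entropy already gathered.
        prev = self._key or b"\x00" * 32
        self._key = hashlib.sha256(prev + self._acc.digest()).digest()
        self._acc = hashlib.sha256()

    def read(self, n: int) -> bytes:
        if self._key is None:
            raise RuntimeError("pool has not been seeded")
        out = b""
        while len(out) < n:
            ctr = self._counter.to_bytes(8, "big")
            out += hashlib.sha256(self._key + ctr).digest()
            self._counter += 1
        return out[:n]


def pooled_output(hw_sample: bytes, other_sample: bytes, n: int = 32) -> bytes:
    """Mix a hardware-RNG sample with a second source, then draw n bytes."""
    pool = EntropyPool()
    pool.add_entropy("rdrand", hw_sample)
    pool.add_entropy("interrupt-timing", other_sample)
    pool.reseed()
    return pool.read(n)


# Constructed inputs: an all-zero block stands in for hardware RNG output an
# adversary could reproduce; the two jitter samples differ in a single bit.
PREDICTABLE_HW = b"\x00" * 32
JITTER_A = bytes.fromhex("0a1b2c3d4e5f60718293a4b5c6d7e8f9")
JITTER_B = bytes.fromhex("0a1b2c3d4e5f60718293a4b5c6d7e8fa")
```

With the hardware sample held constant, the pooled output still changes with the second source, which is the property the sole-provider configuration lacked.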

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: kfreebsd-amd64 (x86_64)

Kernel: kFreeBSD 9.0-2-amd64-xenhvm
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash