[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#735448: kfreebsd: trusts the output of VIA hardware RNGs

Hi Steven,

On 15/01/2014 15:23, Steven Chamberlain wrote:
> I've no reason to think that VIA or its chip design subsidiary, both
> Taiwanese-owned, were involved in the recently disclosed US NSA
> anti-encryption programs.  But it is clear now that we should not rely
> exclusively on hardware RNGs any more.
> This will likely be fixed in stable by disabling this RNG by default,
> as upstream have done in stable/8 and stable/9.  In jessie/sid,
> kfreebsd-9 may soon be superseded by kfreebsd-10.

I've backported the fix to wheezy branch. ISTR you had VIA RNG hardware?
If so, please can you test?

Note that the fix allows override using hw.nehemiah_rng_enable sysctl.

Robert Millan

Reply to: