Bug#735448: kfreebsd: trusts the output of VIA hardware RNGs
Hi Steven,
On 15/01/2014 15:23, Steven Chamberlain wrote:
> I've no reason to think that VIA or its chip design subsidiary, both
> Taiwanese-owned, were involved in the recently disclosed US NSA
> anti-encryption programs. But it is clear now that we should not rely
> exclusively on hardware RNGs any more.
>
> This will likely be fixed in stable by disabling this RNG by default,
> as upstream have done in stable/8 and stable/9. In jessie/sid,
> kfreebsd-9 may soon be superseded by kfreebsd-10.
I've backported the fix to wheezy branch. ISTR you had VIA RNG hardware?
If so, please can you test?
Note that the fix allows override using hw.nehemiah_rng_enable sysctl.
--
Robert Millan
Reply to: