From owner-freebsd-stable@FreeBSD.ORG Wed Jan 15 17:04:33 2014 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5D76C589 for ; Wed, 15 Jan 2014 17:04:33 +0000 (UTC) Received: from luigi.brtsvcs.net (luigi.brtsvcs.net [204.109.60.246]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 392931AB0 for ; Wed, 15 Jan 2014 17:04:32 +0000 (UTC) Received: from chombo.houseloki.net (unknown [IPv6:2601:7:16c0:b50:21c:c0ff:fe7f:96ee]) by luigi.brtsvcs.net (Postfix) with ESMTPSA id EAB7B2D4FAE for ; Wed, 15 Jan 2014 09:04:25 -0800 (PST) Received: from [IPv6:2601:7:880:bd0:24f3:10cb:6280:eceb] (unknown [IPv6:2601:7:880:bd0:24f3:10cb:6280:eceb]) by chombo.houseloki.net (Postfix) with ESMTPSA id DAB28105 for ; Wed, 15 Jan 2014 09:04:22 -0800 (PST) Message-ID: <52D6BF9C.8070405@bluerosetech.com> Date: Wed, 15 Jan 2014 09:04:28 -0800 From: Darren Pilgrim User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: freebsd-stable@freebsd.org Subject: Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-14:01.random References: <201401142011.s0EKBoi7082738@freefall.freebsd.org> In-Reply-To: <201401142011.s0EKBoi7082738@freefall.freebsd.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Jan 2014 17:04:33 -0000 On 1/14/2014 12:11 PM, FreeBSD Errata Notices wrote: > III. Impact > > Someone who has control over these hardware RNGs would be able to > predicate the output from random(4) and urandom(4) devices and may be able > to reveal unique keys that are used to encrypt data. This is good to know, but I have to wonder: If the attacker has that level of access to the hardware, I would expect one of two things is also true: 1. If you're on "bare metal", the attacker has firmware-level or physical access to the machine; 2. If you're on a hypervisor, you can't trust the hypervisor; In both cases, I would think the attacker can use much simpler, more direct vectors and you have much worse things to worry about than the quality of /dev/random. I'm not questioning the validity of the advisory, I'm genuinely curious about this. I can't think of a scenario were someone could attack /dev/random using this vector without 1 or 2 above also being true.