Date: Wed, 15 Jan 2014 09:04:28 -0800 From: Darren Pilgrim <list_freebsd@bluerosetech.com> To: freebsd-stable@freebsd.org Subject: Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-14:01.random Message-ID: <52D6BF9C.8070405@bluerosetech.com> In-Reply-To: <201401142011.s0EKBoi7082738@freefall.freebsd.org> References: <201401142011.s0EKBoi7082738@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 1/14/2014 12:11 PM, FreeBSD Errata Notices wrote: > III. Impact > > Someone who has control over these hardware RNGs would be able to > predicate the output from random(4) and urandom(4) devices and may be able > to reveal unique keys that are used to encrypt data. This is good to know, but I have to wonder: If the attacker has that level of access to the hardware, I would expect one of two things is also true: 1. If you're on "bare metal", the attacker has firmware-level or physical access to the machine; 2. If you're on a hypervisor, you can't trust the hypervisor; In both cases, I would think the attacker can use much simpler, more direct vectors and you have much worse things to worry about than the quality of /dev/random. I'm not questioning the validity of the advisory, I'm genuinely curious about this. I can't think of a scenario were someone could attack /dev/random using this vector without 1 or 2 above also being true.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52D6BF9C.8070405>