Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 15 Jan 2014 19:16:04 +0100
From:      =?iso-8859-1?Q?Peter_Ankerst=E5l?= <peter@pean.org>
To:        Darren Pilgrim <list_freebsd@bluerosetech.com>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-14:01.random
Message-ID:  <61972F13-545A-428F-A909-83BDE811C3F5@pean.org>
In-Reply-To: <52D6BF9C.8070405@bluerosetech.com>
References:  <201401142011.s0EKBoi7082738@freefall.freebsd.org> <52D6BF9C.8070405@bluerosetech.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 15 Jan 2014, at 18:04, Darren Pilgrim <list_freebsd@bluerosetech.com> =
wrote:

> On 1/14/2014 12:11 PM, FreeBSD Errata Notices wrote:
>> III. Impact
>>=20
>> Someone who has control over these hardware RNGs would be able to
>> predicate the output from random(4) and urandom(4) devices and may be =
able
>> to reveal unique keys that are used to encrypt data.
>=20
> This is good to know, but I have to wonder:
>=20
> If the attacker has that level of access to the hardware, I would =
expect one of two things is also true:
>=20
> 1. If you're on "bare metal", the attacker has firmware-level or =
physical access to the machine;
> 2. If you're on a hypervisor, you can't trust the hypervisor;
>=20
> In both cases, I would think the attacker can use much simpler, more =
direct vectors and you have much worse things to worry about than the =
quality of /dev/random.  I'm not questioning the validity of the =
advisory, I'm genuinely curious about this.  I can't think of a scenario =
were someone could attack /dev/random using this vector without 1 or 2 =
above also being true.
> _______________________________________________
> freebsd-stable@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to =
"freebsd-stable-unsubscribe@freebsd.org"
>=20

The manufacturer of a good friend of the manufacturer interested in =
decrypting stuff.

/Peter.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?61972F13-545A-428F-A909-83BDE811C3F5>