From owner-freebsd-stable@FreeBSD.ORG Wed Jan 15 19:42:58 2014 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C608C297 for ; Wed, 15 Jan 2014 19:42:58 +0000 (UTC) Received: from mail-qc0-f172.google.com (mail-qc0-f172.google.com [209.85.216.172]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 7DC571F01 for ; Wed, 15 Jan 2014 19:42:58 +0000 (UTC) Received: by mail-qc0-f172.google.com with SMTP id c9so1433403qcz.31 for ; Wed, 15 Jan 2014 11:42:51 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=5AHbYs4qDn+yexfUrWw6zBjbRDqLNEZEzhmGLgztOEc=; b=BKTVMQfY0/D44lLsxrU2BOzGBCcI0Md1Rkff/GWWXo6Cp7nkL0rcgGS1E/gE6yYGoi 8EYdXuxWTZTwu6trpgMpxUxDP8JFw10hYOd6jzyrrqd8NTDsloge9H16LN2VsO3GVSFT wru9feGbzLs3TH8ca8ryVNTtAwGxE5w97tTCMRObh6NmlY6Ds2ZJp1RAFzBpQLEeDgH9 tlr0rsDeT3+b3jEBBHFNXInh/wf4FJ3YlUtVQpmP/wd9mlOKXQpvbVx66gCyIOOh+C1/ ZvbifuvygvCgy0RDJKd6MhJI5WCq0Zk25Tw8gv0kM8vERcG1ew7dx57CPYe+hlpRHXfg ubQQ== X-Gm-Message-State: ALoCoQkUmgANXHNjds/1D6AgOIkuoKlacsfvFSHd0Z9yIqBlmXWTqpqlK4Q3I2vIwuCbUVHotUTN X-Received: by 10.224.165.12 with SMTP id g12mr7277629qay.89.1389814564429; Wed, 15 Jan 2014 11:36:04 -0800 (PST) Received: from [192.168.1.4] (pool-96-225-163-50.nrflva.fios.verizon.net. [96.225.163.50]) by mx.google.com with ESMTPSA id j9sm8208977qeo.18.2014.01.15.11.36.03 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 15 Jan 2014 11:36:03 -0800 (PST) Message-ID: <52D6E322.8030000@ohlste.in> Date: Wed, 15 Jan 2014 14:36:02 -0500 From: Jim Ohlstein User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: Mike Tancsa , Darren Pilgrim Subject: Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-14:01.random References: <201401142011.s0EKBoi7082738@freefall.freebsd.org> <52D6BF9C.8070405@bluerosetech.com> <52D6D5C7.80200@sentex.net> <52D6D93F.7020600@bluerosetech.com> <52D6DC9C.3060007@sentex.net> In-Reply-To: <52D6DC9C.3060007@sentex.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Wed, 15 Jan 2014 20:25:03 +0000 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Jan 2014 19:42:58 -0000 Hello, On 1/15/14, 2:08 PM, Mike Tancsa wrote: > On 1/15/2014 1:53 PM, Darren Pilgrim wrote: >> >> Yes, that's an obvious consequence of a compromised RNG; but that's not >> what I was asking. I'm asking how the attacker could compromise the >> hardware RNG without also obtaining effectively unfettered access to the >> entire system. > > I think the fear is at manufacturing time. i.e. the suspicion is that > some govt agency asked a design weakness be built in. Whether thats > true or a reasonable fear or not, I am not one to say.... > > > ---Mike > > If you belive the NY Times (et alia), it is a legitimate concern: http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html?_r=1& -- Jim Ohlstein