Date:      Tue, 17 Feb 2015 10:02:26 -0800
From:      John-Mark Gurney <jmg@funkthat.com>
To:        current@freebsd.org
Subject:   Re: URGENT: RNG broken for last 4 months
Message-ID:  <20150217180226.GC1953@funkthat.com>
In-Reply-To: <20150217173726.GA1953@funkthat.com>
References:  <20150217173726.GA1953@funkthat.com>

John-Mark Gurney wrote this message on Tue, Feb 17, 2015 at 09:37 -0800:
> If you are running a current kernel r273872 or later, please upgrade
> your kernel to r278907 or later immediately and regenerate keys.
> 
> I discovered an issue where the new framework code was not calling
> randomdev_init_reader, which means that read_random(9) was not returning
> good random data.  read_random(9) is used by arc4random(9) which is
> the primary method that arc4random(3) is seeded from.
> 
> This means most/all keys generated may be predictable and must be
> regenerated.  This includes, but is not limited to, ssh keys and keys
> generated by openssl.  This is purely a kernel issue, and a simple
> kernel upgrade w/ the patch is sufficient to fix the issue.

It was brought to my attention (thanks Juli) that it might not be
clear that this issue does not affect any released version of FreeBSD.
It only affects people who run -current.

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."


