[Ukfreebsd] Fwd: URGENT: RNG broken for last 4 months

Sevan / Venture37 venture37 at gmail.com
Tue Feb 17 18:03:38 GMT 2015


If you're running FreeBSD-CURRENT:

---------- Forwarded message ----------
From: John-Mark Gurney <jmg at funkthat.com>
Date: 17 February 2015 at 17:37
Subject: URGENT: RNG broken for last 4 months
To: current at freebsd.org


If you are running a current kernel r273872 or later, please upgrade
your kernel to r278907 or later immediately and regenerate keys.

I discovered an issue where the new framework code was not calling
randomdev_init_reader, which means that read_random(9) was not returning
good random data.  read_random(9) is used by arc4random(9) which is
the primary method that arc4random(3) is seeded from.

This means most/all keys generated may be predictable and must be
regenerated.  This includes, but not limited to, ssh keys and keys
generated by openssl.  This is purely a kernel issue, and a simple
kernel upgrade w/ the patch is sufficient to fix the issue.

--
  John-Mark Gurney                              Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
_______________________________________________
freebsd-current at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe at freebsd.org"


More information about the Ukfreebsd mailing list