[Ukfreebsd] Fwd: URGENT: RNG broken for last 4 months
Sevan / Venture37
venture37 at gmail.com
Tue Feb 17 18:03:38 GMT 2015
If you're running FreeBSD-CURRENT:
---------- Forwarded message ----------
From: John-Mark Gurney <jmg at funkthat.com>
Date: 17 February 2015 at 17:37
Subject: URGENT: RNG broken for last 4 months
To: current at freebsd.org
If you are running a current kernel r273872 or later, please upgrade
your kernel to r278907 or later immediately and regenerate keys.
I discovered an issue where the new framework code was not calling
randomdev_init_reader, which means that read_random(9) was not returning
good random data. read_random(9) is used by arc4random(9) which is
the primary method that arc4random(3) is seeded from.
This means most/all keys generated may be predictable and must be
regenerated. This includes, but not limited to, ssh keys and keys
generated by openssl. This is purely a kernel issue, and a simple
kernel upgrade w/ the patch is sufficient to fix the issue.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
_______________________________________________
freebsd-current at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe at freebsd.org"
More information about the Ukfreebsd
mailing list