[nycbug-talk] FreeBSD abandoning hardware randomness

Mark Saad mark.saad at ymail.com
Wed Dec 11 18:04:59 EST 2013 




> On Dec 11, 2013, at 12:58 PM, Pete Wright <pete at nomadlogic.org> wrote:
> 
> 
> 
>> On 12/11/13 08:38, Brian Callahan wrote:
>>> On 12/11/2013 9:37 AM, Isaac (.ike) Levy wrote:
>>> 
>>> On December 10, 2013 09:12:40 PM EST, James E Keenan <jkeen at verizon.net>
>>> wrote:
>>> 
>>>> Article here:
>>>> 
>>>> http://www.theregister.co.uk/2013/12/09/freebsd_abandoning_hardware_randomness/
>> 
>> Whoa. Before this gets way out of hand, let's take a step back and
>> analyze what's really going on here.
>> 
>> No, FreeBSD is not abandoning hardware randomness. That's beyond
>> irresponsible of a headline; not that one should consider The Register a
>> bastion of journalistic integrity.
>> 
>> Read the quote: "...remove RDRAND and Padlock backends and feed them
>> into Yarrow instead of delivering their output directly to /dev/random."
>> So hardware randomness is still being used, it's just not being given
>> directly to /dev/random, it has to go through Yarrow (a pseudorandom
>> number algorithm/generator). And hey - if you really think using RDRAND
>> directly is such a good thing, go for it, "...It will still be possible
>> to access hardware random number generators, that is, RDRAND, Padlock
>> etc., directly by inline assembly or by using OpenSSL from userland, if
>> required ..."
>> 
>> Instead of giving the nod to FreeBSD for actually taking steps towards a
>> good thing here, we're seeing nonsense articles like this from people
>> who don't understand cryptography.
>> 
>> Yes, cryptography is hard and a lot of people don't understand it. Don't
>> believe the sensationalism.
> 
> +1
> 
> I thought the story here was the fact that the FreeBSD project publicly
> stated *why* they are not relying solely on these devices due to
> more-than-probable NSA/GHQ tampering.  I think this will also have
> interesting repercussions on hardware vendors using FreeBSD, although
> those discussions will most likely happen in private ;)
> 
> 
> -pete
> 
> 
> -- 
> Pete Wright
> pete at nomadlogic.org
> twitter => @nomadlogicLA

I was surprised there wasn't a claim of an ultrasonic entropy source in this latest bit from ars !

---
Mark with ear muffs !

More information about the talk mailing list