[nycbug-talk] FreeBSD abandoning hardware randomness

Pete Wright pete at nomadlogic.org
Wed Dec 11 12:58:20 EST 2013

On 12/11/13 08:38, Brian Callahan wrote:
> On 12/11/2013 9:37 AM, Isaac (.ike) Levy wrote:
>> On December 10, 2013 09:12:40 PM EST, James E Keenan <jkeen at verizon.net>
>> wrote:
>>> Article here:
>>> http://www.theregister.co.uk/2013/12/09/freebsd_abandoning_hardware_randomness/
> Whoa. Before this gets way out of hand, let's take a step back and
> analyze what's really going on here.
> No, FreeBSD is not abandoning hardware randomness. That's beyond
> irresponsible of a headline; not that one should consider The Register a
> bastion of journalistic integrity.
> Read the quote: "...remove RDRAND and Padlock backends and feed them
> into Yarrow instead of delivering their output directly to /dev/random."
> So hardware randomness is still being used, it's just not being given
> directly to /dev/random, it has to go through Yarrow (a pseudorandom
> number algorithm/generator). And hey - if you really think using RDRAND
> directly is such a good thing, go for it, "...It will still be possible
> to access hardware random number generators, that is, RDRAND, Padlock
> etc., directly by inline assembly or by using OpenSSL from userland, if
> required ..."
> Instead of giving the nod to FreeBSD for actually taking steps towards a
> good thing here, we're seeing nonsense articles like this from people
> who don't understand cryptography.
> Yes, cryptography is hard and a lot of people don't understand it. Don't
> believe the sensationalism.


I thought the story here was the fact that the FreeBSD project publicly
stated *why* they are not relying solely on these devices due to
more-than-probable NSA/GHQ tampering.  I think this will also have
interesting repercussions on hardware vendors using FreeBSD, although
those discussions will most likely happen in private ;)


Pete Wright
pete at nomadlogic.org
twitter => @nomadlogicLA

More information about the talk mailing list