From: Peter Ankerstål
To: Darren Pilgrim
Cc: freebsd-stable@freebsd.org
Subject: Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-14:01.random
Date: Wed, 15 Jan 2014 19:16:04 +0100
Message-Id: <61972F13-545A-428F-A909-83BDE811C3F5@pean.org>
In-Reply-To: <52D6BF9C.8070405@bluerosetech.com>
References: <201401142011.s0EKBoi7082738@freefall.freebsd.org> <52D6BF9C.8070405@bluerosetech.com>
List-Id: Production branch of FreeBSD source code

On 15 Jan 2014, at 18:04, Darren Pilgrim wrote:

> On 1/14/2014 12:11 PM, FreeBSD Errata Notices wrote:
>> III. Impact
>>
>> Someone who has control over these hardware RNGs would be able to
>> predicate the output from random(4) and urandom(4) devices and may be able
>> to reveal unique keys that are used to encrypt data.
>
> This is good to know, but I have to wonder:
>
> If the attacker has that level of access to the hardware, I would expect one of two things is also true:
>
> 1. If you're on "bare metal", the attacker has firmware-level or physical access to the machine;
> 2. If you're on a hypervisor, you can't trust the hypervisor;
>
> In both cases, I would think the attacker can use much simpler, more direct vectors and you have much worse things to worry about than the quality of /dev/random. I'm not questioning the validity of the advisory, I'm genuinely curious about this. I can't think of a scenario where someone could attack /dev/random using this vector without 1 or 2 above also being true.

The manufacturer of a good friend of the manufacturer interested in decrypting stuff.

/Peter.