From owner-freebsd-stable@FreeBSD.ORG Wed Jan 15 18:39:08 2014 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C243E42E for ; Wed, 15 Jan 2014 18:39:08 +0000 (UTC) Received: from smarthost1.sentex.ca (smarthost1.sentex.ca [IPv6:2607:f3e0:0:1::12]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 8986E17EE for ; Wed, 15 Jan 2014 18:39:08 +0000 (UTC) Received: from [IPv6:2607:f3e0:0:4:f025:8813:7603:7e4a] (saphire3.sentex.ca [IPv6:2607:f3e0:0:4:f025:8813:7603:7e4a]) by smarthost1.sentex.ca (8.14.7/8.14.7) with ESMTP id s0FId2NV011205; Wed, 15 Jan 2014 13:39:02 -0500 (EST) (envelope-from mike@sentex.net) Message-ID: <52D6D5C7.80200@sentex.net> Date: Wed, 15 Jan 2014 13:39:03 -0500 From: Mike Tancsa Organization: Sentex Communications User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: Darren Pilgrim , freebsd-stable@freebsd.org Subject: Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-14:01.random References: <201401142011.s0EKBoi7082738@freefall.freebsd.org> <52D6BF9C.8070405@bluerosetech.com> In-Reply-To: <52D6BF9C.8070405@bluerosetech.com> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.74 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Jan 2014 18:39:08 -0000 On 1/15/2014 12:04 PM, Darren Pilgrim wrote: > > 1. If you're on "bare metal", the attacker has firmware-level or > physical access to the machine; > 2. If you're on a hypervisor, you can't trust the hypervisor; > > In both cases, I would think the attacker can use much simpler, more > direct vectors and you have much worse things to worry about than the > quality of /dev/random. I'm not questioning the validity of the > advisory, I'm genuinely curious about this. I can't think of a scenario > were someone could attack /dev/random using this vector without 1 or 2 > above also being true. Say you have a physical tap on the network upstream from the victim. The victim is exchanging data across a VPN. You can capture the encrypted traffic, and knowing there is a weakness in the quality of RNG, more easily decode the encrypted traffic. You dont have to worry about sending "extra" traffic from the host say, by poking around in /dev/mem etc. ---Mike -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/