From: Xin Li
Organization: The FreeBSD Project
Date: Wed, 15 Jan 2014 11:25:15 -0800
To: Darren Pilgrim, freebsd-stable@freebsd.org
Subject: Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-14:01.random
Reply-To: d@delphij.net

On 01/15/14 09:04, Darren Pilgrim wrote:
> On 1/14/2014 12:11 PM, FreeBSD Errata Notices wrote:
>> III. Impact
>>
>> Someone who has control over these hardware RNGs would be able
>> to predicate the output from random(4) and urandom(4) devices and
>> may be able to reveal unique keys that are used to encrypt data.
>
> This is good to know, but I have to wonder:
>
> If the attacker has that level of access to the hardware, I would
> expect one of two things is also true:
>
> 1. If you're on "bare metal", the attacker has firmware-level or
>    physical access to the machine;
> 2. If you're on a hypervisor, you can't trust the hypervisor;
>
> In both cases, I would think the attacker can use much simpler,
> more direct vectors and you have much worse things to worry about
> than the quality of /dev/random. I'm not questioning the validity
> of the advisory, I'm genuinely curious about this. I can't think
> of a scenario where someone could attack /dev/random using this
> vector without 1 or 2 above also being true.

Not necessarily. An attacker may plant a (well, technically) trapdoor
which weakens the keys but not to the extent to expose an easy-to-find
issue by manipulating the random number generator.

At a later time, the attacker may be able to use this advantage to do
bad things, like it may take very limited time or resource to decrypt
data from the victim system, *without* having any direct access to the
system.

Cheers,
-- 
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve!
Live free or die
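
Added example (not part of the original message, and not FreeBSD's random(4) code): a toy model of the reply's point that a trapdoored generator can look statistically fine while leaving keys cheap to recover off-box, and that hashing its output with an independent entropy source removes that shortcut. `trapdoored_rng`, `SEED_BITS`, `key_mixed` and the sample message are hypothetical, constructed for illustration.

```python
import hashlib
import hmac
import os

SEED_BITS = 16  # constructed: entropy the hypothetical trapdoor leaves in the RNG

def trapdoored_rng(seed: int, nbytes: int) -> bytes:
    """Hypothetical weakened hardware RNG: a hash stream keyed only by a small seed."""
    out, counter = b"", 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed.to_bytes(4, "big") + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:nbytes]

def ones_fraction(data: bytes) -> float:
    """Monobit check: fraction of 1 bits, about 0.5 for output that looks random."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))

def key_direct(hw: bytes) -> bytes:
    """Key taken straight from the hardware RNG output."""
    return hw[:32]

def key_mixed(hw: bytes, other: bytes) -> bytes:
    """Key from hardware output hashed together with an independent entropy source."""
    return hashlib.sha256(hw + other).digest()

def tag(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 tag, standing in for any keyed output visible off the system."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def candidates_until_match(observed: bytes, msg: bytes, derive):
    """Count trapdoor seeds tried before a key reproduces the observed tag (None if never)."""
    for seed in range(1 << SEED_BITS):
        if hmac.compare_digest(tag(derive(trapdoored_rng(seed, 32)), msg), observed):
            return seed + 1
    return None

def demo(seed: int = 0xBEEF, msg: bytes = b"constructed sample message"):
    hw = trapdoored_rng(seed, 32)
    other = os.urandom(32)  # stands in for entropy the trapdoor cannot see
    direct = candidates_until_match(tag(key_direct(hw), msg), msg, key_direct)
    mixed = candidates_until_match(tag(key_mixed(hw, other), msg), msg,
                                   lambda h: key_mixed(h, b""))
    return ones_fraction(trapdoored_rng(seed, 4096)), direct, mixed

if __name__ == "__main__":
    print(demo())
```

The first value shows the weakened stream passing a basic bit-balance check; the second is the small number of candidates needed when the key comes directly from it; the third is `None` because the independent input is outside the trapdoor's seed space.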