Date: Tue, 17 Feb 2015 09:37:26 -0800 From: John-Mark Gurney <jmg@funkthat.com> To: current@FreeBSD.org Subject: URGENT: RNG broken for last 4 months Message-ID: <20150217173726.GA1953@funkthat.com>
next in thread | raw e-mail | index | archive | help
If you are running a current kernel r273872 or later, please upgrade
your kernel to r278907 or later immediately and regenerate keys.
I discovered an issue where the new framework code was not calling
randomdev_init_reader, which means that read_random(9) was not returning
good random data. read_random(9) is used by arc4random(9) which is
the primary method that arc4random(3) is seeded from.
This means most/all keys generated may be predictable and must be
regenerated. This includes, but not limited to, ssh keys and keys
generated by openssl. This is purely a kernel issue, and a simple
kernel upgrade w/ the patch is sufficient to fix the issue.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150217173726.GA1953>