Date: Tue, 17 Feb 2015 14:39:28 -0500
From: Ed Maste <emaste@freebsd.org>
To: John-Mark Gurney <jmg@funkthat.com>
Cc: "current@freebsd.org" <current@freebsd.org>
Subject: Re: URGENT: RNG broken for last 4 months
Message-ID: <CAPyFy2ChC1aY5H8Ou_8QkGA6iiYAgTvjzjNN%2BFpgpcdLvsb=gQ@mail.gmail.com>
In-Reply-To: <CAPyFy2Dwto3iUavGh4mFO01h9TX1X0_HKhASfZtmyvjC3fbQFA@mail.gmail.com>
References: <20150217173726.GA1953@funkthat.com> <CAPyFy2Dwto3iUavGh4mFO01h9TX1X0_HKhASfZtmyvjC3fbQFA@mail.gmail.com>

On 17 February 2015 at 13:15, Ed Maste <emaste@freebsd.org> wrote:
>
> One other point - this only applies to keys generated while running on
> a kernel in that range. If you previously generated keys and then
> upgraded to r273872 or later there's no concern with respect to key
> randomness from this issue.

One further followup, it's been pointed out that a lack of entropy can
leak DSA private key material. See for example:

http://rdist.root.org/2010/11/19/dsa-requirements-for-random-k-value/
https://www.imperialviolet.org/2013/06/15/suddendeathentropy.html

In other words, an existing key does not become less random as a
result of this flaw (which is the point I was trying to make), but
the flaw could cause it to be exposed.
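Added example, not part of the original message or of FreeBSD code: an audit check that flags DSA signatures sharing the same r value (the sign of a repeated per-signature k), with the textbook algebra showing why a well-generated key used on a host with a failing RNG is exposed. The group parameters, key, nonces, messages and all function names are constructed for illustration, and the group is far too small for real use.

```python
import hashlib

# Constructed toy group (assumption; far too small for real use): P prime, Q a prime factor of P - 1.
P = 2**127 - 1
Q = 77158673929
G = next(g for g in (pow(h, (P - 1) // Q, P) for h in range(2, 50)) if g != 1)

def digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def sign(x: int, k: int, msg: bytes) -> tuple:
    """Textbook DSA; the nonce k is a parameter so a failing RNG can be modelled."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (digest(msg) + x * r) % Q
    return r, s

def verify(y: int, msg: bytes, sig: tuple) -> bool:
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    return pow(G, digest(msg) * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r

def find_nonce_reuse(signed: list) -> list:
    """Audit check: index pairs of signatures sharing r, i.e. made with the same k."""
    first_seen, hits = {}, []
    for i, (_, (r, _)) in enumerate(signed):
        if r in first_seen:
            hits.append((first_seen[r], i))
        first_seen.setdefault(r, i)
    return hits

def exposed_private_key(signed: list, i: int, j: int) -> int:
    """Solve s = k^-1 (H(m) + x*r) mod Q for x, given two signatures with equal k."""
    (m1, (r, s1)), (m2, (_, s2)) = signed[i], signed[j]
    k = (digest(m1) - digest(m2)) * pow((s1 - s2) % Q, -1, Q) % Q
    return (s1 * k - digest(m1)) * pow(r, -1, Q) % Q

def demo():
    x = 19088743                      # constructed key, generated before the flaw
    stuck_k = 1111                    # constructed: RNG returns the same value twice
    signed = [(m, sign(x, k, m)) for m, k in
              [(b"msg one", stuck_k), (b"msg two", 2222), (b"msg three", stuck_k)]]
    assert all(verify(pow(G, x, P), m, sig) for m, sig in signed)
    reuse = find_nonce_reuse(signed)
    return x, reuse, [exposed_private_key(signed, i, j) for i, j in reuse]

if __name__ == "__main__":
    print(demo())
```

The same duplicate-r scan can be run over signatures collected from a host that ran an affected kernel to decide whether a DSA key used there should be rotated.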