From owner-freebsd-security@FreeBSD.ORG  Mon Nov 24 18:18:39 2008
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1F0161065672
	for <freebsd-security@freebsd.org>;
	Mon, 24 Nov 2008 18:18:39 +0000 (UTC)
	(envelope-from neldredge@math.ucsd.edu)
Received: from euclid.ucsd.edu (euclid.ucsd.edu [132.239.145.52])
	by mx1.freebsd.org (Postfix) with ESMTP id F3D0F8FC29
	for <freebsd-security@freebsd.org>;
	Mon, 24 Nov 2008 18:18:38 +0000 (UTC)
	(envelope-from neldredge@math.ucsd.edu)
Received: from zeno.ucsd.edu (zeno.ucsd.edu [132.239.145.22])
	by euclid.ucsd.edu (8.11.7p3+Sun/8.11.7) with ESMTP id mAOI7J627551
	for <freebsd-security@freebsd.org>;
	Mon, 24 Nov 2008 10:07:19 -0800 (PST)
Received: from localhost (neldredg@localhost)
	by zeno.ucsd.edu (8.11.7p3+Sun/8.11.7) with ESMTP id mAOI7Jo12529
	for <freebsd-security@freebsd.org>;
	Mon, 24 Nov 2008 10:07:19 -0800 (PST)
X-Authentication-Warning: zeno.ucsd.edu: neldredg owned process doing -bs
Date: Mon, 24 Nov 2008 10:07:18 -0800 (PST)
From: Nate Eldredge <neldredge@math.ucsd.edu>
X-X-Sender: neldredg@zeno.ucsd.edu
To: freebsd-security@freebsd.org
In-Reply-To: <200811241747.mAOHlDSE034716@freefall.freebsd.org>
Message-ID: <Pine.GSO.4.64.0811241001430.1597@zeno.ucsd.edu>
References: <200811241747.mAOHlDSE034716@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Mailman-Approved-At: Mon, 24 Nov 2008 18:32:40 +0000
Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory
	FreeBSD-SA-08:11.arc4random
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Nov 2008 18:18:39 -0000

Upon reading this, my first question was whether the weakness applies to 
the random numbers supplied by /dev/random.  If it does, then userspace has 
been getting non-random values, and things like PGP and SSH keys could be 
compromised.  It might be good for secteam to clarify this, IMHO.

On Mon, 24 Nov 2008, FreeBSD Security Advisories wrote:

> FreeBSD-SA-08.11.arc4random                                 Security Advisory
>                                                          The FreeBSD Project

...

-- 

Nate Eldredge
neldredge@math.ucsd.edu