Forgot your password?
typodupeerror
Encryption BSD

FreeBSD Developers Will Not Trust Chip-Based Encryption 178

Posted by Soulskill
from the fool-me-once,-shame-on-you dept.
New submitter srobert writes "An article at Ars Technica explains how, following stories of NSA leaks, FreeBSD developers will not rely solely on Intel's or Via's chip-based random number generators for /dev/random values. The values will first be seeded through another randomization algorithm known as 'Yarrow.' The changes are effective with the upcoming FreeBSD 10.0 (for which the first of three planned release candidates became available last week)."
This discussion has been archived. No new comments can be posted.

FreeBSD Developers Will Not Trust Chip-Based Encryption

Comments Filter:
  • Re:Wise (Score:5, Funny)

    by Minwee (522556) <dcr@neverwhen.org> on Wednesday December 11, 2013 @05:21PM (#45664021) Homepage
    Every time an OpenBSD system needs a random number, instead of trusting any hardware device, it phones home and asks Theo to provide one.
  • Re:Wise (Score:5, Funny)

    by maxwell demon (590494) on Wednesday December 11, 2013 @05:28PM (#45664089) Journal

    I think it phones to this place. [dilbert.com] However some developers don't trust that random number generator and instead opt for this implementation. [xkcd.com]

  • by jakedata (585566) on Wednesday December 11, 2013 @05:31PM (#45664125)

    http://dilbert.com/strips/comic/2001-10-25/ [dilbert.com]

    That's the problem with randomness, you can never be sure.

  • by tippe (1136385) on Wednesday December 11, 2013 @05:54PM (#45664359)

    Really? I just did this:

    $ cat /dev/random | xxd | head -n 10
    0000000: 414c 4c59 4f55 5242 4153 4541 5245 4245 ALLYOURBASEAREBE
    0000010: 4c4f 4e47 544f 5553 5448 414e 4b53 4652 LONGTOUSTHANKSFR
    0000020: 4f4d 5448 454e 5341 414c 4c59 4f55 5242 OMTHENSAALLYOURB
    0000030: 4153 4541 5245 4245 4c4f 4e47 544f 5553 ASEAREBELONGTOUS
    0000040: 5448 414e 4b53 4652 4f4d 5448 454e 5341 THANKSFROMTHENSA
    0000050: 414c 4c59 4f55 5242 4153 4541 5245 4245 ALLYOURBASEAREBE
    0000060: 4c4f 4e47 544f 5553 5448 414e 4b53 4652 LONGTOUSTHANKSFR
    0000070: 4f4d 5448 454e 5341 414c 4c59 4f55 5242 OMTHENSAALLYOURB
    0000080: 4153 4541 5245 4245 4c4f 4e47 544f 5553 ASEAREBELONGTOUS
    0000090: 5448 414e 4b53 4652 4f4d 5448 454e 5341 THANKSFROMTHENSA

    Maybe there's a pattern there; I'm not sure. I guess that's the problem with randomness: you can never be sure [dilbert.com].

  • by Anonymous Coward on Wednesday December 11, 2013 @05:54PM (#45664365)

    What? Don't be silly, these chips are all so perfectly safe and perfectly usable for things like encrypting communications

    .oO(wait, that was too subtle, nobody will get my funny joke)

    for us... *ahem* your customers!

    .oO(wow, i'm really funny and sarcastic. just add a little more so nobody can't possibly miss it)

    You're such a worrywart!

    Signed, um...

    .oO(ba-dumm tsss - i guess i will need to explain my next awesome joke too, by using boldface - otherwise nobody might get the subtle NSA reference)

    Mr. Norman Samuel Ayers

    .oO(well, i guess my humor is just too sophisticated, people will probaly miss it despite me repeatedly explaining my jokes. so let me just inb4 this)

    (/me starts a tally of wooshes)

  • by Anonymous Coward on Wednesday December 11, 2013 @08:12PM (#45665965)

    With a surname that's a homophone of "stallin'" I'm guessing this individual was a Java programmer

Luck, that's when preparation and opportunity meet. -- P.E. Trudeau

Working...