FreeBSD Developers Will Not Trust Chip-Based Encryption
New submitter srobert writes "An article at Ars Technica explains how, following stories of NSA leaks, FreeBSD developers will not rely solely on Intel's or Via's chip-based random number generators for /dev/random values. The values will first be seeded through another randomization algorithm known as 'Yarrow.' The changes are effective with the upcoming FreeBSD 10.0 (for which the first of three planned release candidates became available last week)."
Re: what's that going to accomplish? (Score:5, Informative)
https://www.schneier.com/yarrow-qa.html
Your ignorance is unjustifiable.
Re:Is there any way to gain trust in a chip? (Score:3, Informative)
Black box? No. Even if testing proved it was absolutely random for the first N numbers, there is no way to be certain that N+1 is not the first of a string of non-random numbers.
But it's not necessary to make it a black box. Physical systems take well known phenomena and use them to generate random numbers. http://en.wikipedia.org/wiki/Random_number_generation#Physical_methods Done this way, you can make a "transparent box" that performs great and is trustworthy.
FYI, Linux did this 18 months ago (Score:5, Informative)
One of the first things Ted Ts'o did when he took back maintainership of /dev/random in Linux was to stop depending solely on the hardware RNG.
https://plus.google.com/117091380454742934025/posts/SDcoemc9V3J?e
Re:Very Smart Move (Score:2, Informative)
Ah, but Linus has called such claims nonsense [theregister.co.uk].
FreeBSD for me, thanks.
Re:Very Smart Move (Score:5, Informative)
I take it you didn't even actually read what he said, then.
Linus Torvalds responds:
Where do I start a petition to raise the IQ and kernel knowledge of people?
Guys, go read drivers/char/random.c. Then, learn about cryptography. Finally, come back here and admit to the world that you were wrong.
Short answer: we actually know what we are doing. You don't.
Long answer: we use rdrand as _one_ of many inputs into the random pool, and we use it as a way to _improve_ that random pool. So even if rdrand were to be back-doored by the NSA, our use of rdrand actually improves the quality of the random numbers you get from /dev/random.
Really short answer: you're ignorant.
TL;DR: Linux has NOT been trusting chips, and has been doing a variant of what FreeBSD plans to do now, since quite a bit before.
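The design point both the FreeBSD change and Linus's comment turn on is the same: the hardware RNG is one input to an accumulator, not the output, so an adversary who knows that input still has to guess everything else that went into the pool. The sketch below is an added example written for this page; it is not FreeBSD's Yarrow code, not Linux's drivers/char/random.c, and not from anyone in the thread. It collapses Yarrow to a single SHA-256 pool, uses HMAC-SHA256 in counter mode where the real design specifies a block cipher, and the names (ToyYarrow, pool_output, direct_output) and the sample byte strings are constructed for illustration.

```python
import hashlib
import hmac
import struct


class ToyYarrow:
    """Minimal Yarrow-style design (teaching sketch, not FreeBSD's code):
    entropy from several sources is accumulated into a hash pool, and output
    comes from a keyed generator that is reseeded from that pool. Real Yarrow
    has two pools, per-source entropy estimates and a block-cipher generator."""

    def __init__(self):
        self.pool = hashlib.sha256()   # accumulator
        self.key = b"\x00" * 32        # generator key; replaced at first reseed
        self.counter = 0

    def add_entropy(self, source_id, sample):
        # Mixing through a hash means a bad source can only fail to add
        # entropy; it cannot remove what the other sources contributed.
        self.pool.update(struct.pack(">II", source_id, len(sample)) + sample)

    def reseed(self):
        digest = self.pool.digest()
        # The new key depends on the whole pool history and the previous key.
        self.key = hashlib.sha256(b"reseed" + self.key + digest).digest()
        self.counter = 0
        self.pool = hashlib.sha256(digest)   # chain so earlier samples still matter

    def generate(self, n):
        # HMAC in counter mode stands in for the block cipher Yarrow specifies.
        out = b""
        while len(out) < n:
            out += hmac.new(self.key, struct.pack(">Q", self.counter),
                            hashlib.sha256).digest()
            self.counter += 1
        return out[:n]


def pool_output(hw_sample, timing_sample, irq_sample, n=32):
    """Seed a fresh pool from a hardware RNG sample plus two software-observed
    sources, then return n output bytes (the "one of many inputs" design)."""
    y = ToyYarrow()
    y.add_entropy(0, hw_sample)      # e.g. RDRAND output
    y.add_entropy(1, timing_sample)  # e.g. disk/keyboard timings
    y.add_entropy(2, irq_sample)     # e.g. interrupt jitter
    y.reseed()
    return y.generate(n)


def direct_output(hw_sample, n=32):
    """The design FreeBSD is moving away from: hardware RNG bytes handed out as-is."""
    return hw_sample[:n]


# Constructed samples for the demonstration (not real measurements).
GOOD_HW = bytes(range(32))
BACKDOORED_HW = b"\x00" * 32   # a hardware RNG whose output the adversary already knows
TIMING_A, TIMING_B = b"timings-run-A", b"timings-run-B"
IRQ = b"irq-jitter-sample"


def demo():
    # With direct use, a known hardware output is a known /dev/random output.
    direct = direct_output(BACKDOORED_HW)
    # Through the pool, whoever knows the hardware sample still has to guess
    # the other sources: change them and the output changes.
    mixed_a = pool_output(BACKDOORED_HW, TIMING_A, IRQ)
    mixed_b = pool_output(BACKDOORED_HW, TIMING_B, IRQ)
    return direct, mixed_a, mixed_b


if __name__ == "__main__":
    d, a, b = demo()
    print("direct  :", d.hex())
    print("mixed A :", a.hex())
    print("mixed B :", b.hex())
```

The property worth noticing is the asymmetry: a hardware source that is genuinely random adds to the pool, while one that is constant or known adds nothing but also subtracts nothing, because it only ever enters through the hash. What this sketch does not show is the separate concern of where hardware output is applied after extraction; the thread only claims that the chip is one input into the pool, and that is all the example models.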