FreeBSD Developers Will Not Trust Chip-Based Encryption

Posted by Soulskill
from the fool-me-once,-shame-on-you dept.
New submitter srobert writes "An article at Ars Technica explains how, following stories of NSA leaks, FreeBSD developers will not rely solely on Intel's or Via's chip-based random number generators for /dev/random values. The values will first be seeded through another randomization algorithm known as 'Yarrow.' The changes are effective with the upcoming FreeBSD 10.0 (for which the first of three planned release candidates became available last week)."

  • Very Smart Move (Score:5, Insightful)

    by Anonymous Coward on Wednesday December 11, 2013 @05:09PM (#45663917)

    They have every reason NOT to trust the chips. Trust, but verify is always the correct way.

  • Makes sense ... (Score:5, Insightful)

    by MacTO (1161105) on Wednesday December 11, 2013 @05:20PM (#45664011)

    One of the features of open source software is that the code, thus the algorithms, can be examined by a third party. In the case of chips, this is very difficult to do. Most people are stuck trusting that the designer implemented the algorithm they said they did, and that they implemented it properly (the former implying no malice and the latter implying competence). That is particularly true for something like random number generators, which are intended to be non-deterministic as far as the software is concerned, so any testing of the implementation can only be done statistically. Very few people have the ability to examine the physical design of the chip to check the actual implementation.

  • by houstonbofh (602064) on Wednesday December 11, 2013 @05:24PM (#45664049)
    Because true random in software is computationally expensive. Adding a layer of obfuscation on top of the untrusted hardware gives you a better random cheaply, and avoids potential back-doors in the hardware generator.
  • by SuperKendall (25149) on Wednesday December 11, 2013 @05:43PM (#45664253)

    The output can be completely random, but it doesn't matter if someone else has a mechanism to reproduce exactly the same random stream. Or the ability to toggle on the semi-random mode...

  • Re:Very Smart Move (Score:3, Insightful)

    by celle (906675) on Wednesday December 11, 2013 @09:24PM (#45666635)

    "Trust, but verify"

    If you feel you have to verify then you don't trust them. It was bullshit when Reagan said it and it still is.
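
The approach in the story summary, where chip RNG output is fed through a mixing stage instead of being handed out directly, shown as an added example (not part of the thread, not FreeBSD's code, and not Yarrow itself, only a simplified SHA-256 pool). `MixingPool`, `backdoored_hw_rng`, `key_direct` and `key_mixed` are hypothetical names, and the hardware stream is a constructed stand-in for a chip whose output a third party can reproduce.

```python
import hashlib
import os


class MixingPool:
    """Toy entropy pool: every source is hashed into one running state."""

    def __init__(self):
        self._state = hashlib.sha256(b"pool-init").digest()
        self._counter = 0

    def add(self, source_id: bytes, data: bytes) -> None:
        # Length-prefix each field so (id, data) pairs cannot be confused.
        h = hashlib.sha256(self._state)
        for field in (source_id, data):
            h.update(len(field).to_bytes(4, "big") + field)
        self._state = h.digest()

    def read(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self._counter += 1
            block = self._state + self._counter.to_bytes(8, "big")
            out += hashlib.sha256(block).digest()
        # Ratchet the state so earlier output cannot be recomputed from a later state.
        self._state = hashlib.sha256(b"ratchet" + self._state).digest()
        return out[:n]


def backdoored_hw_rng(n: int) -> bytes:
    """Constructed stand-in for a chip RNG whose stream a third party can reproduce."""
    return hashlib.sha256(b"known-to-third-party").digest()[:n]


def key_direct() -> bytes:
    # Hardware output used as-is: anyone who can reproduce the stream has the key.
    return backdoored_hw_rng(32)


def key_mixed(other_entropy: bytes) -> bytes:
    # Hardware output is only one input; the result also depends on other_entropy.
    pool = MixingPool()
    pool.add(b"hw_rng", backdoored_hw_rng(32))
    pool.add(b"other", other_entropy)
    return pool.read(32)


if __name__ == "__main__":
    print("direct:", key_direct().hex())
    print("mixed: ", key_mixed(os.urandom(32)).hex())
```

The mixed key is only as unpredictable as the inputs the observer cannot reproduce, so the non-hardware sources still have to carry real entropy.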
