According to this publication [0], The New York Times, ProPublica, and The Guardian reported in September that the NSA and its British counterpart are working with chipmakers to insert backdoors, or cryptographic weaknesses, in their products.
[0] http://arstechnica.com/security/2013/12/we-cannot-trust-intel-and-vias-chip-based-crypto-freebsd-developers-say/

Software trusting chip-based crypto support, and in particular software which uses specialized chips to obtain entropy, might be compromising the quality of the entropy pool as made available to /dev/random.

This has been recently discussed at the security conference in EuroBSDcon 2013. The minutes read:

"we are going to backtrack and remove RDRAND and Padlock backends and feed them into Yarrow instead of delivering their output directly to /dev/random. It will still be possible to access hardware random number generators, that is, RDRAND, Padlock etc., directly by inline assembly or by using OpenSSL from userland, if required, but we cannot trust them any more"
(from http://www.freebsd.org/news/status/report-2013-09-devsummit.html#Security)

In consequence the FreeBSD project has deemed it necessary to unlink entropy providers in Intel RDRAND and Via Padlock technologies from the main /dev/random source (http://svnweb.freebsd.org/base?view=revision&revision=256377).

Advice from the Security Team would be appreciated in order to determine which action needs to be taken in Debian.

-------------------------------------------------------

Here's my best attempt at determining the behaviour of kFreeBSD relative to Intel RDRAND / Via Padlock entropy sources:

kfreebsd 8.3 and 9.0 (wheezy):
Sets Via chipset to serve /dev/random unconditionally whenever detected, but only on i386 (not amd64). Does not support Intel entropy source. (see sys/dev/random/probe.c)

kfreebsd 9.2 (jessie / sid):
Sets Via or Intel chipset to serve /dev/random when detected, unless hw.nehemiah_rng_enable or hw.ivy_rng_enable are set to zero to disable them.

kfreebsd 10~ (sid):
All versions in Debian already have the fixed code, which replaces random_adaptor_register() with live_entropy_source_register(), thereby registering Via and Intel chips as "entropy sources" to be post processed by Yarrow, rather than directly as "random adaptors".

--
Robert Millan
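
A simplified model of the wiring change described in this message, added here as an example; it is not code from FreeBSD or from the original post. It contrasts a source that serves /dev/random readers directly (a "random adaptor") with the same source hashed into a pool together with other inputs (an "entropy source"). Assumptions: a plain SHA-256 pool stands in for Yarrow and is not Yarrow, and `suspect_hw_rng`, `DirectAdaptor`, `MixingPool`, `host_output` and all sample bytes are hypothetical, constructed names and values.

```python
import hashlib

def suspect_hw_rng(n):
    # Constructed stand-in for a hardware RNG whose stream an outsider can
    # reproduce (assumption for illustration; not a claim about any real chip).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(b"constructed-known-seed" + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

class DirectAdaptor:
    """Old wiring: the hardware source serves readers unchanged."""
    def read(self, n):
        return suspect_hw_rng(n)

class MixingPool:
    """New wiring: each source is hashed into a pool; readers only see pool output."""
    def __init__(self):
        self._pool = hashlib.sha256()
        self._reads = 0

    def add_entropy(self, source, data):
        # Length-prefix both fields so distinct inputs cannot collide.
        self._pool.update(len(source).to_bytes(2, "big") + source)
        self._pool.update(len(data).to_bytes(4, "big") + data)

    def read(self, n):
        key, out, block = self._pool.copy().digest(), b"", 0
        while len(out) < n:
            label = self._reads.to_bytes(8, "big") + block.to_bytes(4, "big")
            out += hashlib.sha256(key + label).digest()
            block += 1
        self._reads += 1
        return out[:n]

def host_output(other_entropy, n=32):
    """Pool output for a host that mixes the suspect source with other sources."""
    pool = MixingPool()
    pool.add_entropy(b"hw_rng", suspect_hw_rng(64))
    for name, data in other_entropy:
        pool.add_entropy(name, data)
    return pool.read(n)

if __name__ == "__main__":
    a = host_output([(b"irq", b"constructed timings A")])
    b = host_output([(b"irq", b"constructed timings B")])
    print("direct == hw stream:", DirectAdaptor().read(32) == suspect_hw_rng(32))
    print("mixed hosts differ: ", a != b)
    print("hw-only pools equal:", host_output([]) == host_output([]))
```

The last check shows the limit of the approach: a pool fed only by the suspect source is exactly as predictable as that source, so the benefit depends on other sources contributing.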