FreeBSD ditches suspect hardware-based crypto

Buried in the “Security” section of a report on the FreeBSD Developer Summit held in September in Malta is a small but important note about the FreeBSD developers’ decision to stop using two hardware random number generators (RNGs).

Despite the report having been published for months now, The Register’s Richard Chirgwin first brought the matter to the attention of the wider public this Monday.

The two RNGs in question are Intel’s RDRAND and Via’s Padlock.

The reason for the decision to stop relying solely on their random output for generating uncrackable cryptographic keys is the recent revelation that the US NSA has influenced the US National Institute of Standards and Technology (NIST) to adopt an encryption standard that has been made by the NSA to include a weakness known only to them.

Also, that the NSA has been working on either securing the collaboration of tech and telecom companies to gain access to encrypted communication or, if neither of those two approaches were successful, on secretly attempting to put backdoors into their products.

“We have a pluggable random generator framework and we have a number of plugins for it, Yarrow is one, and the RDRAND, Padlock are two others, we have one that blocks and one that panics, and few coding examples and so on,” the group noted in the report.

“For [FreeBSD] 10, we are going to backtrack and remove RDRAND and Padlock backends and feed them into Yarrow instead of delivering their output directly to /dev/random. It will still be possible to access hardware random number generators, that is, RDRAND, Padlock etc., directly by inline assembly or by using OpenSSL from userland, if required, but we cannot trust them any more.”

The also added that they would like to “collect more entropy early in the boot process,” which they will likely achieve through the implementation of a patch that “feeds the amount of time it takes to attach a device into /dev/random.”

Whether the two RNGs can ultimately be trusted or not, the group’s decision to pass the random numbers first through Yarrow can only add to the randomness and increase their entropy, and therefore be only positive.

Don't miss