Whoops: FreeBSD's Random Number Generator Has Been Broken For Months
Written by Michael Larabel in BSD on 18 February 2015 at 09:37 AM EST. 20 Comments
BSD --
It was fixed and subsequently reported yesterday that the FreeBSD kernel has been subject to a faulty random number generator for the past four months.

John-Mark Gurney discovered and fixed the FreeBSD kernel's broken RNG and advises all users who have relied upon the kernel's RNG abilities in the past four months to re-generate relevant keys, etc.

Gurney explained, "I discovered an issue where the new framework code was not calling randomdev_init_reader, which means that read_random(9) was not returning good random data. read_random(9) is used by arc4random(9) which is the primary method that arc4random(3) is seeded from. This means most/all keys generated may be predictable and must be regenerated. This includes, but not limited to, ssh keys and keys generated by openssl. This is purely a kernel issue, and a simple kernel upgrade w/ the patch is sufficient to fix the issue."

Here's the change that fixes the kernel RNG issue that is in their SVN (or Git mirror0 since yesterday.

Update: To clarify, this issue is/was only in the FreeBSD -CURRENT kernel and not the 10.x releases.
Related News
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Popular News This Week