Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

Whoops: FreeBSD's Random Number Generator Has Been Broken For Months

Written by Michael Larabel in BSD on 18 February 2015 at 09:37 AM EST. 20 Comments

BSD

It was fixed and subsequently reported yesterday that the FreeBSD kernel has been subject to a faulty random number generator for the past four months.

John-Mark Gurney discovered and fixed the FreeBSD kernel's broken RNG and advises all users who have relied upon the kernel's RNG abilities in the past four months to re-generate relevant keys, etc.

Gurney explained, "I discovered an issue where the new framework code was not calling randomdev_init_reader, which means that read_random(9) was not returning good random data. read_random(9) is used by arc4random(9) which is the primary method that arc4random(3) is seeded from. This means most/all keys generated may be predictable and must be regenerated. This includes, but not limited to, ssh keys and keys generated by openssl. This is purely a kernel issue, and a simple kernel upgrade w/ the patch is sufficient to fix the issue."

Here's the change that fixes the kernel RNG issue that is in their SVN (or Git mirror0 since yesterday.

Update: To clarify, this issue is/was only in the FreeBSD -CURRENT kernel and not the 10.x releases.

20 Comments

Related News

OpenBSD 7.5 Released - Faster Performance For Many-Core ARM Servers

NetBSD 10.0 Released With Much Improved Hardware Support & Faster Performance

FreeBSD 13.3 Released With Better WiFi Support, LLVM objdump Added

NetBSD 10.0 Should Be Released Soon - Likely Last RC Debuts

FreeBSD 13.3-RC1 Improves WiFi Stability, Takes Care Of Some Kernel Panics

FreeBSD Has Been Working On AMD64 SIMD libc Optimizations - Coming For FreeBSD 14.1

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

Ubuntu Maker Canonical Announces New Collaboration With Qualcomm

Linux 6.10 To Merge NTSYNC Driver For Emulating Windows NT Synchronization Primitives

x86-64-v5? Questions Arise Over The Future Of x86-64 Micro-Architecture Feature Levels

Fedora 41 Looks To "-O3" Optimizations For Its Python Build

Arch Linux Increasing Its vm.max_map_count To Help Steam Play Games & Other Software

Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them

KDE's KWin Merges Wayland Explicit Sync Support

APT 2.9 Released: Debian's APT 3.0 To Have A New UI With Colors, Columnar Display & More