Slashdot Mirror


FreeBSD Developers Will Not Trust Chip-Based Encryption

New submitter srobert writes "An article at Ars Technica explains how, following stories of NSA leaks, FreeBSD developers will not rely solely on Intel's or Via's chip-based random number generators for /dev/random values. The values will first be seeded through another randomization algorithm known as 'Yarrow.' The changes are effective with the upcoming FreeBSD 10.0 (for which the first of three planned release candidates became available last week)."

2 of 178 comments

  1. Re: what's that going to accomplish? by Anonymous Coward · Score: 5, Informative

    https://www.schneier.com/yarrow-qa.html

    your ignorance is unjustifiable

  2. Re:Very Smart Move by Anonymous Coward · Score: 5, Informative

    I take it you didn't even actually read what he said, then.

    Linus Torvalds responds:

    Where do I start a petition to raise the IQ and kernel knowledge of people?

    Guys, go read drivers/char/random.c. Then, learn about cryptography. Finally, come back here and admit to the world that you were wrong.

    Short answer: we actually know what we are doing. You don't.

    Long answer: we use rdrand as _one_ of many inputs into the random pool, and we use it as a way to _improve_ that random pool. So even if rdrand were to be back-doored by the NSA, our use of rdrand actually improves the quality of the random numbers you get from /dev/random.

    Really short answer: you're ignorant.

    TL;DR: Linux was NOT trusting chips, and has been doing a variant of what FreeBSD now plans to do for quite a while.
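
The design point both the summary and the quoted reply make (hardware RNG output is one input hashed into a pool rather than handed out directly) can be shown with a small added example. This is not code from Linux's drivers/char/random.c or from FreeBSD's Yarrow implementation; `MixingPool`, `predictable_hwrng` and the sample event strings are hypothetical names and constructed inputs.

```python
import hashlib
import hmac

class MixingPool:
    """Toy entropy pool: every input is hashed into the state, none is used raw."""

    def __init__(self):
        self.state = bytes(32)

    def mix(self, source, data):
        # Length-prefix the label and the data so distinct inputs cannot collide.
        h = hashlib.sha256(self.state)
        for field in (source.encode(), data):
            h.update(len(field).to_bytes(4, "big") + field)
        self.state = h.digest()

    def extract(self, n):
        out = b""
        counter = 0
        while len(out) < n:
            block = b"out" + counter.to_bytes(4, "big")
            out += hmac.new(self.state, block, hashlib.sha256).digest()
            counter += 1
        # Ratchet the state so earlier output cannot be recomputed from it.
        self.state = hmac.new(self.state, b"ratchet", hashlib.sha256).digest()
        return out[:n]

def predictable_hwrng(n):
    """Constructed stand-in for a hardware RNG whose output an observer can predict."""
    return bytes(n)

def hw_only(n):
    """The design being rejected: hardware output handed out directly."""
    return predictable_hwrng(n)

def pooled(other_inputs, n):
    """Hardware output is one input among several (constructed sample inputs)."""
    pool = MixingPool()
    pool.mix("hwrng", predictable_hwrng(32))
    for i, sample in enumerate(other_inputs):
        pool.mix(f"event{i}", sample)
    return pool.extract(n)

if __name__ == "__main__":
    print("hw only:", hw_only(16).hex())
    print("pooled :", pooled([b"irq:1021", b"disk:88213"], 16).hex())
```

With the predictable source alone, the output is exactly what the observer expects; once pooled, the output depends on every other input, so it stays unpredictable as long as those inputs carry entropy the observer does not know.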