Slashdot Mirror

← Back to Stories (view on slashdot.org)

FreeBSD-Current Random Number Generator Broken

Posted by samzenpus on from the protect-ya-neck dept.

First time accepted submitter bobo the hobo writesThe FreeBSD random number has been discovered to be generating possibly predictable SSH keys and SSL certificates for months. Time to regenerate your keys and certs if using FreeBSD-Current. A message to the freebsd-current mailing list reads in part: "If you are running a current kernel r273872 or later, please upgrade your kernel to r278907 or later immediately and regenerate keys. I discovered an issue where the new framework code was not calling randomdev_init_reader, which means that read_random(9) was not returning good random data. read_random(9) is used by arc4random(9) which is the primary method that arc4random(3) is seeded from."

1 of 105 comments (clear)

  1. Re:Newbish question here.. by DarkHelmet433 · · Score: 5, Informative

    The bug was in the unreleased FreeBSD-11 work-in-progress developer tree.

    If you are running an actual release, or one of the stable branches, you are not affected.

    The main cause for concern is if you are generating keys in some form on the developer tree.