The maintainers of the security-conscious FreeBSD operating system have declared that they will no longer rely on the random number generators in Intel and Via's chips, on the grounds that the NSA likely has weakened these opaque hardware systems in order to ease surveillance. The decision is tied to the revelations of the BULLRUN/EDGEHILL programs, wherein the NSA and GCHQ spend $250M/year sabotaging security in standards, operating systems, software, and networks.
"For 10, we are going to backtrack and remove RDRAND and Padlock backends and feed them into Yarrow instead of delivering their output directly to /dev/random," FreeBSD developers said. "It will still be possible to access hardware random number generators, that is, RDRAND, Padlock etc., directly by inline assembly or by using OpenSSL from userland, if required, but we cannot trust them any more."
In separate meeting minutes, developers specifically invoked Snowden's name when discussing the change.
"Edward Snowdon [sic] -- v. high probability of backdoors in some (HW) RNGs," the notes read, referring to hardware RNGs. Then, alluding to the Dual EC_DRBG RNG forged by the National Institute of Standards and Technology and said to contain an NSA-engineered backdoor, the notes read: "Including elliptic curve generator included in NIST. rdrand in ivbridge not implemented by Intel... Cannot trust HW RNGs to provide good entropy directly. (rdrand implemented in microcode. Intel will add opcode to go directly to HW.) This means partial revert of some work on rdrand and padlock."
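The design change described above, as an added sketch that is not FreeBSD's code and not the Yarrow algorithm itself: a simplified SHA-256 mixing pool stands in for Yarrow, and `backdoored_hw_rng` is a constructed stand-in for a hardware RNG whose output an attacker can predict. All names here are hypothetical.

```python
import hashlib


class MixingPool:
    """Simplified hash-based entropy pool (stand-in for Yarrow, for illustration)."""

    def __init__(self):
        self._pool = hashlib.sha256()
        self._counter = 0

    def add(self, source: str, data: bytes) -> None:
        # Length-prefix each field so inputs from different sources
        # cannot be shifted across field boundaries.
        for field in (source.encode(), data):
            self._pool.update(len(field).to_bytes(4, "big") + field)

    def read(self, n: int) -> bytes:
        # Derive output from a digest of everything mixed in so far,
        # expanded in counter mode; raw source bytes are never returned.
        key = self._pool.copy().digest()
        out = b""
        while len(out) < n:
            self._counter += 1
            out += hashlib.sha256(key + self._counter.to_bytes(8, "big")).digest()
        return out[:n]


def backdoored_hw_rng(n: int) -> bytes:
    """Constructed example: a hardware RNG whose output the attacker knows."""
    block = hashlib.sha256(b"attacker-known-seed").digest()
    return (block * (n // len(block) + 1))[:n]


def direct_design(n: int) -> bytes:
    # Hardware output delivered straight to the consumer:
    # the consumer's "random" bytes are exactly what the attacker predicts.
    return backdoored_hw_rng(n)


def pooled_design(other_sources: dict, n: int) -> bytes:
    # Hardware output is only one input to the pool; the result also
    # depends on every other source the attacker does not know.
    pool = MixingPool()
    pool.add("hw", backdoored_hw_rng(32))
    for name, data in sorted(other_sources.items()):
        pool.add(name, data)
    return pool.read(n)
```

With the pooled design, predicting the output requires knowing every input to the pool, not just the hardware generator's contribution.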
“We cannot trust” Intel and Via’s chip-based crypto, FreeBSD developers say [Dan Goodin/Ars Technica]