The maintainers of the security-conscious FreeBSD operating system have declared that they will no longer rely on the random number generators in Intel and Via's chips, on the grounds that the NSA likely has weakened these opaque hardware systems in order to ease surveillance. The decision is tied to the revelations of the BULLRUN/EDGEHILL programs, wherein the NSA and GCHQ spend $250M/year sabotaging security in standards, operating systems, software, and networks.
"For 10, we are going to backtrack and remove RDRAND and Padlock backends and feed them into Yarrow instead of delivering their output directly to /dev/random," FreeBSD developers said. "It will still be possible to access hardware random number generators, that is, RDRAND, Padlock etc., directly by inline assembly or by using OpenSSL from userland, if required, but we cannot trust them any more."
In separate meeting minutes, developers specifically invoked Snowden's name when discussing the change.
"Edward Snowdon [sic] -- v. high probability of backdoors in some (HW) RNGs," the notes read, referring to hardware RNGs. Then, alluding to the Dual EC_DRBG RNG forged by the National Institute of Standards and Technology and said to contain an NSA-engineered backdoor, the notes read: "Including elliptic curve generator included in NIST. rdrand in ivbridge not implemented by Intel... Cannot trust HW RNGs to provide good entropy directly. (rdrand implemented in microcode. Intel will add opcode to go directly to HW.) This means partial revert of some work on rdrand and padlock."
“We cannot trust” Intel and Via’s chip-based crypto, FreeBSD developers say [Dan Goodin/Ars Technica]
The Intercept publishes a previously-unseen set of Snowden docs detailing more than $500,000,000 worth of secret payments by the Japanese government to the NSA, in exchange for access to the NSA’s specialized surveillance capabilities, in likely contravention of Japanese privacy law (the secrecy of the program means that the legality was never debated, so no […]
The mysterious tragicomic hacking group The Shadow Brokers continues to dump incredibly compromising cyberweapons and internal information looted from the NSA, accompanied by Borat-compliant gibberish that reads like someone trying to make you guess whether there’s a false flag in play, and if so, who is waving it.
Two of the NSA’s mass surveillance programs revealed by Edward Snowden are Prism (which give the NSA “bulk data” access to the servers of Apple, Facebook, Google, Microsoft, Yahoo and others) and Upstream (through which the NSA taps the internet’s fiber optic backbones). Both are possible because of Section 702 of the Foreign Intelligence Surveillance […]
If you want to work in tech, but don’t have any desire to code web apps to help businesses sell things to other business, you might want to consider a career in cybersecurity. Judging from the apparent complete infiltration of Russian hackers in American cyberspace, it seems fair to speculate that there’s a major shortage of […]
All moms are different. But all moms like getting flowers on Mother’s Day, and that’s a fact (not, however a fact we can document in any fashion.) Instead of getting chewed out for forgetting to call her on the second Sunday of May, you can take care of it ahead of time with Teleflora’s flower […]
Yeah, Bluetooth audio is pretty common these days, so why should you care about these earbuds? Look how happy that woman up above looks. She’s got FRESHeBUDS in. Boom. There’s your reason. She’s also at the beach and it appears to be a very nice day.But for the sake of promotion, wireless earbuds are fast becoming the […]