The maintainers of the security-conscious FreeBSD operating system have declared that they will no longer rely on the random number generators in Intel and Via's chips, on the grounds that the NSA likely has weakened these opaque hardware systems in order to ease surveillance. The decision is tied to the revelations of the BULLRUN/EDGEHILL programs, wherein the NSA and GCHQ spend $250M/year sabotaging security in standards, operating systems, software, and networks.
"For 10, we are going to backtrack and remove RDRAND and Padlock backends and feed them into Yarrow instead of delivering their output directly to /dev/random," FreeBSD developers said. "It will still be possible to access hardware random number generators, that is, RDRAND, Padlock etc., directly by inline assembly or by using OpenSSL from userland, if required, but we cannot trust them any more."
In separate meeting minutes, developers specifically invoked Snowden's name when discussing the change.
"Edward Snowdon [sic] -- v. high probability of backdoors in some (HW) RNGs," the notes read, referring to hardware RNGs. Then, alluding to the Dual EC_DRBG RNG forged by the National Institute of Standards and Technology and said to contain an NSA-engineered backdoor, the notes read: "Including elliptic curve generator included in NIST. rdrand in ivbridge not implemented by Intel... Cannot trust HW RNGs to provide good entropy directly. (rdrand implemented in microcode. Intel will add opcode to go directly to HW.) This means partial revert of some work on rdrand and padlock."
“We cannot trust” Intel and Via’s chip-based crypto, FreeBSD developers say [Dan Goodin/Ars Technica]
Josh Quiggin argues persuasively that the easiest way to seem "presidential" is to drop bombs on someone else, and reminds us that Americans only recognize bombing people as "cowardly and evil" when the people being bombed are Americans.
The imminent implementation of the EU's General Data Protection Regulation (GDPR) has been hailed as a victory for global privacy advocates; since the regulation severely limits the collection of data on Europeans -- even when they're communicating with non-Europeans -- services like Facebook would risk running afoul of the GDPR if they collected data on […]
American health care is so screwed up, so horribly distorted by the insurance companies' abusive practices, that millions of Americans (even those with insurance) fly to Mexico every year to get state-of-the-art medical care -- and a resort vacation in the bargain -- rather than face the US system, and save money by doing so.
Another year, another iteration of Samsung’s Galaxy smartphone—except this time around Samsung sought to redefine what a smartphone can do completely. Boasting a 6.2″ Quad HD+ Super AMOLED (2960×1440) infinity display, and an elite 10nm 64-bit Octa-Core Processor with 6GB RAM, the S9+ is an absolute powerhouse with a price tag to match. However, you […]
Competition in the job market is getting stiff, and while experience and a four-year degree can put you on the map, most employers prefer applicants versed in the tools that power their industry. To this end, certifying your skills with Salesforce is a smart move. The world’s #1 Customer Relationship Management (CRM) platform, Salesforce is […]
Warmer weather is coming, and so too is the hankering for iced coffee. But, since most of us don’t have the time—or foresight—to make a batch of cold brew the night before, we’ll be chilling our cups of Joe with ice cubes and watering them down in the process. The HyperChiller Coffee Chiller offers a different […]