The maintainers of the security-conscious FreeBSD operating system have declared that they will no longer rely on the random number generators in Intel and Via's chips, on the grounds that the NSA likely has weakened these opaque hardware systems in order to ease surveillance. The decision is tied to the revelations of the BULLRUN/EDGEHILL programs, wherein the NSA and GCHQ spend $250M/year sabotaging security in standards, operating systems, software, and networks.
"For 10, we are going to backtrack and remove RDRAND and Padlock backends and feed them into Yarrow instead of delivering their output directly to /dev/random," FreeBSD developers said. "It will still be possible to access hardware random number generators, that is, RDRAND, Padlock etc., directly by inline assembly or by using OpenSSL from userland, if required, but we cannot trust them any more."
In separate meeting minutes, developers specifically invoked Snowden's name when discussing the change.
"Edward Snowdon [sic] -- v. high probability of backdoors in some (HW) RNGs," the notes read, referring to hardware RNGs. Then, alluding to the Dual EC_DRBG RNG forged by the National Institute of Standards and Technology and said to contain an NSA-engineered backdoor, the notes read: "Including elliptic curve generator included in NIST. rdrand in ivbridge not implemented by Intel... Cannot trust HW RNGs to provide good entropy directly. (rdrand implemented in microcode. Intel will add opcode to go directly to HW.) This means partial revert of some work on rdrand and padlock."
“We cannot trust” Intel and Via’s chip-based crypto, FreeBSD developers say [Dan Goodin/Ars Technica]
America's telcoms sector is hugely concentrated and corrupt, and systematically underinvests in maintenance and infrastructure even as it gouges customers, which it can get away with thanks to its monopoly power, leaving Americans with some of the world's worst, most expensive communications services.
The past two years have seen a tremendous shift in the public perception of capitalism and socialism, the character of philanthropy as reputation-laundry rather than generosity, and the nature of wealth as an indicator of sociopathy, not virtue or cleverness.
Elizabeth Warren has released a characteristically detailed campaign plan to counter white nationalist violence in the USA, whose multi-pronged approach includes directing the DoJ to be more vigorous in pursuing white nationalist groups (and to lay off the Cointelpro-style surveillance of groups that advocate for protections for racialized people); centralized data collection on white nationalist […]
It’s tempting for many young professionals to assume that because they’ve spent most of their lives posting links to Facebook or pushing selfies to Instagram that they have the skills needed to be a digital marketer. Creating compelling content is certainly important, but if you’re not up to speed on search engine optimization (SEO), how […]
With everybody working from home now, it’s natural to start thinking about careers where not going into the office is more the norm than the exception. Better yet, many are looking to start careers as freelancers, professionals who build their livelihoods around the scope of their talent and not the fortunes of one all-encompassing employer. […]
“The way to have power is to take it.” — Boss Tweed. We think an 18th-century political power broker probably had a different definition of power in mind when he made that statement, yet the sentiment still applies. We’ve all got devices all but falling out of our pockets and the need for power to […]