SoylentNews

FreeBSD Announces: "URGENT: RNG Broken for Last 4 Months"

posted by janrinok on Wednesday February 18 2015, @10:20AM   
from the update-now! dept.

An Anonymous Coward writes:

A major announcement on the FreeBSD mailing list landed earlier today:

URGENT: RNG broken for last 4 months in the -current branch [...] This means most/all keys generated may be predictable and must be regenerated. This includes, but not limited to, ssh keys and keys generated by openssl. This is purely a kernel issue, and a simple kernel upgrade w/ the patch is sufficient to fix the issue.

Various security companies and blogs are already reporting duplicate keys spotted in the wild. So, patch your systems!.

[Updates: (1) This pertains to the '-current' branch which is not recommended for use on production systems. (2) The statement about "duplicate keys" was in the original submission, but lacks confirmation. If you can confirm/deny, please reply in the comments with a link to the source.]

• Like bad RNG, history repeats itself. Like bad RNG, history repeats itself. (Score: 4, Informative) by Marand on Wednesday February 18 2015, @11:30AM

  by Marand (1081) on Wednesday February 18 2015, @11:30AM (#146483) Journal

  It sounds like they got their RNG from Debian [debian.org] :)

  Starting Score:	1		point
  Moderation		+2
  Informative=1, Funny=1, Total=2
  Extra 'Informative' Modifier		0
  Karma-Bonus Modifier		+1
  Total Score:		4

• Re:Like bad RNG, history repeats itself. (Score: 0) by Anonymous Coward on Thursday February 19 2015, @03:52AM

  by Anonymous Coward on Thursday February 19 2015, @03:52AM (#146832)

  Which was defective by design (Debian). Intentional "oops lets fuck with what the OpenBSD guys did RNG wise". """oops"""
  It was intentional.

  Same with systemd.

  Parent