Stories
Slash Boxes
Comments

SoylentNews is people

FreeBSD Announces: "URGENT: RNG Broken for Last 4 Months"

posted by janrinok on Wednesday February 18 2015, @10:20AM   Printer-friendly
from the update-now! dept.

An Anonymous Coward writes:

A major announcement on the FreeBSD mailing list landed earlier today:

URGENT: RNG broken for last 4 months in the -current branch [...] This means most/all keys generated may be predictable and must be regenerated. This includes, but not limited to, ssh keys and keys generated by openssl. This is purely a kernel issue, and a simple kernel upgrade w/ the patch is sufficient to fix the issue.

Various security companies and blogs are already reporting duplicate keys spotted in the wild. So, patch your systems!.

[Updates: (1) This pertains to the '-current' branch which is not recommended for use on production systems. (2) The statement about "duplicate keys" was in the original submission, but lacks confirmation. If you can confirm/deny, please reply in the comments with a link to the source.]

 
This discussion has been archived. No new comments can be posted.
FreeBSD Announces: "URGENT: RNG Broken for Last 4 Months" | Log In/Create an Account | Top | 13 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Wednesday February 18 2015, @07:55PM

    by Anonymous Coward on Wednesday February 18 2015, @07:55PM (#146655)

    The second one is somewhat right. Shodan's blog is reporting numerous duplicate keys found in ssh installs. However, that does not appear to be related to this PRNG issue.