A major announcement on the FreeBSD mailing list landed earlier today:
URGENT: RNG broken for last 4 months in the -current branch [...] This means most/all keys generated may be predictable and must be regenerated. This includes, but not limited to, ssh keys and keys generated by openssl. This is purely a kernel issue, and a simple kernel upgrade w/ the patch is sufficient to fix the issue.
Various security companies and blogs are already reporting duplicate keys spotted in the wild. So, patch your systems!.
[Updates: (1) This pertains to the '-current' branch which is not recommended for use on production systems. (2) The statement about "duplicate keys" was in the original submission, but lacks confirmation. If you can confirm/deny, please reply in the comments with a link to the source.]
(Score: 2, Funny) by ThG on Wednesday February 18 2015, @11:12AM
Obligatory: http://www.tedunangst.com/flak/post/random-in-the-wild [tedunangst.com]
(Score: 2) by FatPhil on Wednesday February 18 2015, @02:17PM
Also, when I raised the topic amongst C standard experts (which included committee members) the general consensus was that Ted and Theo were at least in part talking crap. However, it was suggested that I should raise a DR on the standard, so that the wording could leave less room for the misinterpretation that Theo and Ted have tricked themselves into believing.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves