SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    FreeBSD Announces: "URGENT: RNG Broken for Last 4 Months"
Date    Wednesday February 18 2015, @10:20AM
Author    janrinok
Topic   
from the update-now! dept.
https://soylentnews.org/article.pl?sid=15/02/18/1018213

An Anonymous Coward writes:

A major announcement on the FreeBSD mailing list landed earlier today:

URGENT: RNG broken for last 4 months in the -current branch [...] This means most/all keys generated may be predictable and must be regenerated. This includes, but not limited to, ssh keys and keys generated by openssl. This is purely a kernel issue, and a simple kernel upgrade w/ the patch is sufficient to fix the issue.

Various security companies and blogs are already reporting duplicate keys spotted in the wild. So, patch your systems!.

[Updates: (1) This pertains to the '-current' branch which is not recommended for use on production systems. (2) The statement about "duplicate keys" was in the original submission, but lacks confirmation. If you can confirm/deny, please reply in the comments with a link to the source.]

Links

  1. "A major announcement" - https://lists.freebsd.org/pipermail/freebsd-current/2015-February/054580.html

© Copyright 2023 - SoylentNews, All Rights Reserved

printed from SoylentNews, FreeBSD Announces: "URGENT: RNG Broken for Last 4 Months" on 2023-06-05 01:57:00