FreeBSD developers ditch Intel, Via's chip-based crypto


Concerned about the possible presence of government backdoors, the developers of FreeBSD have decided to stop using hardware-based random number generators from chipmakers Intel and VIA. The decision was made at the FreeBSD Developer Summit in September this year, though it did not attract any attention at that time. The FreeBSD operating system is used in systems ranging from proprietary security appliances to Internet routers.

"For [FreeBSD] 10, we are going to backtrack and remove RDRAND and Padlock backends and feed them into Yarrow instead of delivering their output directly to /dev/random," noted the post here. "It will still be possible to access hardware random number generators, that is, RDRAND, Padlock etc., directly by inline assembly or by using OpenSSL from userland, if required, but we cannot trust them any more."

Random number generators are needed to generate cryptographic keys, and are one of the most important ingredients in a cryptographic system. In its report here, Ars Technica compares an RNG to the dice shakers used in board games. "If adversaries can reduce the amount of entropy an RNG produces or devise a way to predict some of its output, they can frequently devise ways to crack the keys needed to decrypt an otherwise unreadable message."
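The difference between delivering hardware output directly and feeding it into a pool can be shown in a short sketch; this is an added example, not FreeBSD's code and not the Yarrow algorithm itself. `PredictableHwRng`, `EntropyPool`, `direct_key` and `pooled_key` are hypothetical names, the pool is a simplified SHA-256 accumulator, and all seeds and samples are constructed values.

```python
import hashlib
import os

class PredictableHwRng:
    """Constructed stand-in for a hardware RNG whose output an adversary can replay."""
    def __init__(self, seed: bytes):
        self._state = seed

    def read(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self._state = hashlib.sha256(self._state).digest()
            out += self._state
        return out[:n]

class EntropyPool:
    """Simplified hash accumulator; an assumption for illustration, not Yarrow itself."""
    def __init__(self):
        self._pool = hashlib.sha256()
        self._counter = 0

    def add(self, source_id: int, data: bytes) -> None:
        # Tag each sample with its source and length so inputs stay unambiguous.
        self._pool.update(bytes([source_id]) + len(data).to_bytes(4, "big") + data)

    def read(self, n: int) -> bytes:
        key = self._pool.copy().digest()  # depends on every sample added so far
        out = b""
        while len(out) < n:
            out += hashlib.sha256(key + self._counter.to_bytes(8, "big")).digest()
            self._counter += 1
        return out[:n]

def direct_key(hw_seed: bytes) -> bytes:
    """Direct delivery: the consumer gets the hardware output unchanged."""
    return PredictableHwRng(hw_seed).read(32)

def pooled_key(hw_seed: bytes, other_entropy: bytes) -> bytes:
    """Pooled delivery: the hardware output is only one input among several."""
    pool = EntropyPool()
    pool.add(0, PredictableHwRng(hw_seed).read(32))
    pool.add(1, other_entropy)  # stands in for an independent source
    return pool.read(32)

if __name__ == "__main__":
    seed = b"seed-known-to-adversary"  # constructed value
    print("direct:", direct_key(seed).hex())
    print("pooled:", pooled_key(seed, os.urandom(32)).hex())
```

With direct delivery, anyone who can predict the hardware output knows the key; with pooling, they would also need every other sample mixed in. Pooling gives no protection if the untrusted source is the only input that carries entropy.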
