Re: FreeBSD rnd bug

To: Fredrik Pettai <pettai%nordu.net@localhost>, tech-security%netbsd.org@localhost
Subject: Re: FreeBSD rnd bug
From: Jean-Yves Migeon <jym%NetBSD.org@localhost>
Date: Thu, 19 Feb 2015 15:51:47 +0100

Le 19/02/2015 09:47, Fredrik Pettai a écrit :

Did you see this:

https://lists.freebsd.org/pipermail/freebsd-current/2015-February/054580.html

I know that the rnd code in NetBSD has been reworked several times lately,
is the NetBSD design very different from FreeBSDs? or are they fairly equal?


They are completely different. There are two PRNG:

- a "fast" one (chacha20) which is consumed in places where plainrandomization is required in performance critical paths (ASLR, TCPsequence, anon ports...);- a "strong" one (NIST CTR DRBG with AES 128 as block cipher) for cryptorelated operations.

The seed for the fast RNG is obtained from the strong RNG, and thestrong PRNG is initted through rndsink(9). Of course from there, qualitydepends on the entropy sources, but this is just to show that the callpaths and APIs have nothing in common.


--
Jean-Yves Migeon

Follow-Ups:
- Re: FreeBSD rnd bug
  - From: Fredrik Pettai

References:
- FreeBSD rnd bug
  - From: Fredrik Pettai

Prev by Date: Re: FreeBSD rnd bug
Next by Date: Re: FreeBSD rnd bug
Previous by Thread: Re: FreeBSD rnd bug
Next by Thread: Re: FreeBSD rnd bug
Indexes:

Home | Main Index | Thread Index | Old Index