[cryptography] FreeBSD crypto and security meta

coderman coderman at gmail.com
Mon Oct 21 16:57:12 EDT 2013


On Mon, Oct 21, 2013 at 1:45 PM, grarpamp <grarpamp at gmail.com> wrote:
>...
> http://www.freebsd.org/news/status/report-2013-07-2013-09.html#Reworking-random(4)


the interesting bit:
"""
FreeBSD's CSPRNG also allowed for certain stochastic sources, deemed
to be "high-quality", to directly supply the random(4) device without
going through Yarrow. With recent revelations over possible government
surveillance and involvement in the selection of these "high-quality"
sources, it is felt that they can no longer be trusted, and must
therefore also be processed through Yarrow.

The matter was discussed at various levels of formality at the
Cambridge Developer Summit in August, and at EuroBSDcon 2013 in
September.

This work is now done, and the random(4) CSPRNG is now brought to a
more paranoid, modern standard of distrust with regard to its entropy
sources. Infrastructure work was also done to facilitate certain
entropy-source choices for the convenience of the system
administrators.

Future work is now going ahead with the implementation of the Fortuna
algorithm by Ferguson and Schneier as an upgrade or alternative to
Yarrow. Initially a choice will be presented, and decisions on the
future of the CSPRNG processing algorithms in use will be made in the
future as needs arise.
"""

