FreeBSD developers have recently announced that they will not encourage their users to rely on Intel and VIA solutions, because of recently discovered suspicious weak points in the way these chips implement random number generation, which opened a gateway for government security agencies and other third parties to break cryptographic algorithms.
The changes to the encryption system are scheduled for FreeBSD 10.0. The story goes back to the events of September, when Edward Snowden made public materials on the NSA exploiting the vulnerability in the chips to circumvent encryption systems, as well as its initiative to push cryptographic certification standards with artificial weaknesses in their security mechanisms into use. The documents released by Snowden contain information on the involvement of both American and British intelligence services in pressuring the chipmaker to build artificial weaknesses into its products.
FreeBSD security put in jeopardy
This information had a direct impact on the popular FreeBSD operating system, whose security system relies on hardware random number generators to protect data and uses a set of mechanisms and approaches that, as it turns out, are relatively easy to crack. The released documents indicate that the NSA had a hand in the RDRAND and Padlock random number generators provided by Intel and VIA.
The panacea promised
FreeBSD's encryption system will be replaced in the upcoming version 10; it will then neither rely on the processor nor use the hardware random generators through the /dev/random device. Instead, a pseudo-random output will be used that is still based on RDRAND and Padlock but passes through Yarrow, an additional randomization method that adds auxiliary entropy to the generation to keep the security algorithms sound.
The developers say that users will technically still be able to use the hardware random number generators, but the operating system will warn that doing so is undesirable. Users will, however, be able to work with Yarrow or use ready-made certificates to sign crypto sequences.
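The difference between handing hardware output straight to the consumer and passing it through a mixing generator can be shown with a short sketch. This is an added example, not FreeBSD code and not an implementation of Yarrow: the MixingPool class, the predictable_hw_rng stand-in and the HMAC-SHA256 counter construction are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os


class MixingPool:
    """Hash-based accumulator and generator; a simplification, not Yarrow."""

    def __init__(self):
        self._pool = hashlib.sha256()  # running hash of all harvested samples
        self._key = None               # generator key, set by reseed()
        self._counter = 0

    def harvest(self, source_id, sample):
        # Tag and length-prefix each sample so sources cannot be confused.
        header = bytes([source_id]) + len(sample).to_bytes(4, "big")
        self._pool.update(header + sample)

    def reseed(self):
        # The new key depends on the old key and on everything harvested.
        old = self._key or b""
        self._key = hashlib.sha256(old + self._pool.digest()).digest()
        self._counter = 0

    def read(self, n):
        if self._key is None:
            raise RuntimeError("pool has not been seeded")
        out = b""
        while len(out) < n:
            self._counter += 1
            block = self._counter.to_bytes(16, "big")
            out += hmac.new(self._key, block, hashlib.sha256).digest()
        return out[:n]


def predictable_hw_rng(n):
    # Constructed stand-in for a hardware generator an outsider can predict.
    return hashlib.shake_256(b"value known to an outsider").digest(n)


def mixed_output(other_entropy, n):
    pool = MixingPool()
    pool.harvest(0, predictable_hw_rng(32))  # hardware source is still used
    pool.harvest(1, other_entropy)           # independent source (assumed)
    pool.reseed()
    return pool.read(n)


if __name__ == "__main__":
    print("direct:", predictable_hw_rng(16).hex())  # same on every run
    print("mixed: ", mixed_output(os.urandom(32), 16).hex())  # differs per run
```

Knowing the hardware sample is not enough to reproduce the mixed output; the result is only as unpredictable as the best independent source fed into the pool.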
The FreeBSD fund has openly declared that this change was prompted by leaks that became available solely due to Snowden's efforts. So how many changes will the world of information technology undergo, given that as little as 1% of the leaked data has been shared with the world? You are warmly welcome to share your thoughts in the comments.