I guess I am missing where you can search the whole site instead of individual forums so if it is in the wrong spot, eh.
http://arstechnica.com/security/2013/12 ... opers-say/
Which seems not to be correct. If you read the original report (which is also quoted in that same article) it becomes quite clear that the end users retain the freedom to choose their own approach:

Arstechnica article said:
Developers of the FreeBSD operating system will no longer allow users to trust processors manufactured by Intel and Via Technologies as the sole source of random numbers needed to generate cryptographic keys that can't easily be cracked by government spies and other adversaries.

Which in my opinion provides a different view on the matter than a statement which claims that we're not given any choice.

FreeBSD security report said:
It will still be possible to access hardware random number generators, that is, RDRAND, Padlock etc., directly by inline assembly or by using OpenSSL from userland, if required, but we cannot trust them any more.
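The FreeBSD report quoted above keeps the hardware generators reachable but stops treating them as the sole source. The following is an added illustration, not code from this thread or from FreeBSD's random(4) implementation, of the property that mixing buys: SHA-256 stands in for the kernel's Yarrow/Fortuna pool, `os.urandom` stands in for the other kernel entropy sources, and the stuck all-zero generator is a constructed stand-in for a hardware source an adversary controls.

```python
import hashlib
import os


def mix_entropy(sources):
    """Fold several named entropy inputs into one 32-byte seed.

    Each input is fed to SHA-256 with a length prefix, so no source can shift
    or overlap another's contribution. SHA-256 is only a stand-in for the
    kernel's entropy pool; the property shown is the one the FreeBSD change
    relies on: the seed depends on every input, so a hardware generator that
    is stuck, biased, or attacker-chosen does not determine the output alone.
    """
    h = hashlib.sha256()
    for name, data in sources:
        h.update(len(name).to_bytes(2, "big") + name.encode())
        h.update(len(data).to_bytes(4, "big") + data)
    return h.digest()


def seed_mixed(hwrng_bytes, other_bytes):
    """Seed derived from the hardware generator plus another source."""
    return mix_entropy([("rdrand", hwrng_bytes), ("interrupt-timing", other_bytes)])


def seed_hwrng_only(hwrng_bytes):
    """Seed derived from the hardware generator alone (the design being abandoned)."""
    return mix_entropy([("rdrand", hwrng_bytes)])


# Constructed: a generator whose output is fixed, as if an adversary controlled it.
STUCK_HWRNG = b"\x00" * 32


def distinct_seeds(trials, mixed):
    """Count distinct seeds across trials when the hardware source is stuck.

    The second source is fresh OS randomness per trial, standing in for the
    interrupt timings and other inputs the kernel pool also consumes.
    """
    seeds = set()
    for _ in range(trials):
        other = os.urandom(32)
        seeds.add(seed_mixed(STUCK_HWRNG, other) if mixed else seed_hwrng_only(STUCK_HWRNG))
    return len(seeds)


if __name__ == "__main__":
    print("hwrng-only, stuck source:", distinct_seeds(10, mixed=False), "distinct seed(s)")
    print("mixed, stuck source:     ", distinct_seeds(10, mixed=True), "distinct seed(s)")
```

With the hardware source as the only input, a stuck generator yields the same seed every time; once it is one input among several, the seed still varies with the other sources, which is exactly why reading RDRAND directly from userland (as the report notes is still possible) gives up that protection.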
kpa said:I don't think that there's any "planted" backdoors in those chips.
kpa said:If that's true the guys at NSA are really stupid. Any cryptanalyst who knows what he/she is doing can detect regularities in the ciphertext that is weaker against attacks because of poor quality randomness and ultimately recover the secret keys. You really think the NSA guys will be the only ones listening? So if we assume that there is a backdoor planted in those chips as you claim, all encrypted traffic in the USA that is encrypted with those chips is wide open for the "evil Chinese" for eavesdropping.
Crivens said:I spent the last days' free time looking at the videos from http://media.ccc.de, where the 30c3 proceedings are located. The speakers often mention the idea of switching their profession to gardening or carpentry. Once you have watched some of the presentations, you will get the same feeling.
One presentation showed how to use a 32-bit RISC unit in your NorthBridge (Intel systems), which is normally used for things like wake-on-LAN or system management, for really spooky stuff. Like, scan the main memory for signatures of the active OS, parse OS data structures, look for keyboard buffers, copy passwords and transmit them out of the system by massaging the timing for the Ethernet. So you can pick up the transmitted passwords by watching the packets from that machine, and watching the time between these. No data is changed in the traffic so a packet dump will not show anything.
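Since the exfiltration described above leaves packet contents untouched, the only place it shows up is in inter-packet timing. The following added example, not from the thread or the 30c3 talk, is a small detector for that kind of signal: it quantizes a flow's inter-arrival gaps into bins and flags flows whose gaps cluster into a few well-balanced discrete values, which is what delay modulation looks like, as opposed to ordinary jitter (many bins) or a fixed-rate keepalive (one bin). The gap lists are constructed sample values in milliseconds; the bin width and thresholds are assumptions to be tuned against real traffic.

```python
import math
from collections import Counter


def gaps_from_timestamps(timestamps_ms):
    """Inter-arrival gaps (ms) from a sorted list of packet timestamps (ms),
    e.g. taken from a pcap of one host's outbound flow."""
    return [b - a for a, b in zip(timestamps_ms, timestamps_ms[1:])]


def gap_profile(gaps_ms, bin_width_ms=5.0):
    """Quantize gaps into bins and summarize how the flow spreads across them."""
    bins = Counter(round(g / bin_width_ms) for g in gaps_ms)
    n = sum(bins.values())
    entropy = -sum((c / n) * math.log2(c / n) for c in bins.values())
    return {"distinct_bins": len(bins), "entropy_bits": entropy, "bins": dict(bins)}


def is_timing_suspicious(gaps_ms, bin_width_ms=5.0, max_bins=4, min_entropy=0.9):
    """Heuristic (thresholds are assumptions): a flow whose gaps sit in a
    handful of evenly used discrete bins looks modulated. One bin with zero
    entropy is a constant-rate stream; many bins is ordinary jitter."""
    p = gap_profile(gaps_ms, bin_width_ms)
    return 2 <= p["distinct_bins"] <= max_bins and p["entropy_bits"] >= min_entropy


# Constructed samples, all in milliseconds.
SUSPECT_GAPS_MS = [20.1, 40.2, 40.0, 20.3, 20.0, 40.1, 40.3, 20.2, 20.1, 40.0, 20.2, 40.1]
NORMAL_GAPS_MS = [12.4, 87.1, 3.2, 45.9, 150.7, 22.8, 9.4, 63.0, 210.5, 31.6, 5.8, 99.2]
KEEPALIVE_GAPS_MS = [30.0] * 12


if __name__ == "__main__":
    for name, gaps in [("suspect", SUSPECT_GAPS_MS),
                       ("normal", NORMAL_GAPS_MS),
                       ("keepalive", KEEPALIVE_GAPS_MS)]:
        p = gap_profile(gaps)
        print(f"{name:9s} bins={p['distinct_bins']:2d} "
              f"entropy={p['entropy_bits']:.2f} suspicious={is_timing_suspicious(gaps)}")
```

The detector needs timestamps from a capture point the host cannot influence (a span port or a tap upstream), because a management controller that is shaping its own host's egress timing can just as easily hide that from any sensor running on the host itself.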