FreeBSD and hardware random number generators


Having just discussed my favourite (and widest deployed) *nix flavour at length over the last few days, FreeBSD has made headlines in the security community. According to their September 2013 DevSummit Security Report, FreeBSD will not rely solely on internal hardware random number generators manufactured by Intel and VIA. Instead, their entropy will be fed into Yarrow, their existing software generator.

In light of the Edward Snowden revelations, members of the project feel such devices can no longer be entirely trusted. I think this is a great idea, but first I think this is emblematic of a far larger issue.

Building block-ing important issues

Computer hardware is a fascinating example of globalisation. One part may be designed in one place, built in another, and assembled into a more complex device somewhere else. During each step of this process, changes can (and do) occur between the specification and delivered product. It can be accidental or otherwise within quality tolerances deemed acceptable, or it can be deliberate.

When entire complex supply chains exist, it seems all but inevitable that these changes will occur. When one considers these parts are made under different governments and companies, state surveillance and industrial espionage are entirely feasible. Those of us labelled as paranoid suspected both, now we all know for sure.

To the trolls who filled my old comment system with remarks that I wear a tinfoil hat, it’s all water off my back. Let’s just work together from now on, yes? ^_^

To play devil's advocate, businesses and national economies are so interdependent, suppliers would dare not risk doing anything intentionally wrong by their customers, lest they lose valuable contracts. While true, they could be compelled to by law. The NSA is but one example.

But back to FreeBSD

That was some mice alliteration. Wait, nice alliteration. I think auto-correct is in itself a fabulous pseudo-random number generator. But I digest. Wait, Disagea. No, digress.

From a security standpoint, I think FreeBSD did the right thing here. While it's unlikely an individual could be singled out amd targeted through this specific weakness, the best approach in a potentially compromised environment is to source entropy from many different places. This way, you get the raw speed and true randomness of a physical chip, with the relative transparency of software pseudo-random number generators. Provided the mixing is done properly, the resulting randomness can be mathematically stronger than any of its constituent parts.

I've been interested in hardware random number generators for a long time. When you start seeing the world as a big, non-deterministic (at least, to us, currently) pool of high entropy randomness, it's quite humbling. Or perhaps that's just me.

Author bio and support


Ruben Schade is a technical writer and infrastructure architect in Sydney, Australia who refers to himself in the third person. Hi!

The site is powered by Hugo, FreeBSD, and OpenZFS on OrionVM, everyone’s favourite bespoke cloud infrastructure provider.

If you found this post helpful or entertaining, you can shout me a coffee or send a comment. Thanks ☺️.