lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAJVRA1RZJgO2wOKsY8pMxnwpHPnLgx9DiW4_1CzxotT==f3rFw@mail.gmail.com> Date: Sat, 14 Dec 2013 04:33:31 -0800 From: coderman <coderman@...il.com> To: cpunks <cypherpunks@...nks.org>, Full Disclosure <full-disclosure@...ts.grok.org.uk> Subject: RDRAND used directly when default engines loaded in openssl-1.0.1-beta1 through openssl-1.0.1e as per the FreeBSD announcement[0] and others[1][2] direct use of RDRAND as sole entropy source is not recommended. from Westmere onward you could use AES-NI to make crypto fast in OpenSSL. a common theme is to initialize OpenSSL via ENGINE_load_builtin_engines() which lets OpenSSL take advantage of this acceleration. with Sandy Bridge you also got RDRAND. now load_builtin_engines results in the application using RDRAND directly for all entropy, in addition to accelerating AES. if you are using an application linked with openssl-1.0.1-beta1 through openssl-1.0.1e you should do one of the following: a.) rebuild your OpenSSL with OPENSSL_NO_RDRAND defined. b.) call RAND_set_rand_engine(NULL) after ENGINE_load_builtin_engines(). c.) git pull latest openssl with commit: "Don't use rdrand engine as default unless explicitly requested." - Dr. Stephen Henson the OPENSSL_NO_RDRAND option is recommended; an inadvertent call to load engines elsewhere could re-enable this bad rng behavior. best regards, 0. "FreeBSD Developer Summit: Security Working Group, /dev/random" https://wiki.freebsd.org/201309DevSummit/Security 1. "Surreptitiously Tampering with Computer Chips" https://www.schneier.com/blog/archives/2013/09/surreptitiously.html 2. "How does the NSA break SSL? ... Weak random number generators" http://blog.cryptographyengineering.com/2013/12/how-does-nsa-break-ssl.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists