FreeBSD, the open-source UNIX-like operating system, has announced that upcoming releases will no longer deliver the output of Intel’s RDRAND and VIA Technologies’ Padlock on-chip random number generators (RNGs) directly to /dev/random.
The move apparently follows reports from earlier this year that the National Security Agency had allegedly weakened cryptographic standards developed jointly with the National Institute of Standards and Technology (NIST) so that the agency could circumvent them in its surveillance operations.
Citing a “high probability of backdoors” and mentioning Edward Snowden by name on a security working group page for the FreeBSD Developer Summit, the group says it “cannot trust [these hardware] RNGs to provide good entropy directly.” Instead, the hardware generators will be treated as one input among several to the kernel’s Yarrow pseudo-random number generator, or to its successor Fortuna. Both are published designs: Yarrow by John Kelsey, Bruce Schneier, and Niels Ferguson, and Fortuna by Ferguson and Schneier.
“For 10, we are going to backtrack and remove RDRAND and Padlock backends and feed them into Yarrow instead of delivering their output directly to /dev/random,” FreeBSD’s developers wrote in an EuroBSDcon 2013 Developer Summit special status report on their website. “It will still be possible to access hardware random number generators, that is, RDRAND, Padlock etc., directly by inline assembly or by using OpenSSL from userland, if required, but we cannot trust them any more.”
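The design change the status report describes, as an added illustration that is not FreeBSD’s code: a much-simplified hash-based entropy accumulator in the spirit of Yarrow and Fortuna (SHA-256 stands in for the real designs’ block-cipher generator and Fortuna’s multi-pool scheduling, and the names `Accumulator`, `HWRNG`, `TIMING`, `direct_delivery` and `mixed_delivery` are this example’s own). A constructed “backdoored” hardware source whose output the attacker knows in full is fed in alongside a second source the attacker does not see. Delivered directly, the hardware output is exactly what the attacker predicts; mixed through the accumulator, the attacker cannot reproduce the output without also knowing the second source, which is the property the FreeBSD change relies on.

```python
"""Simplified Yarrow/Fortuna-style entropy accumulator (illustration only)."""
import hashlib
import os
import struct

HWRNG = 0   # the on-chip generator (RDRAND / Padlock), modelled as attacker-known
TIMING = 1  # an independent source such as interrupt timing, unknown to the attacker


class Accumulator:
    """Mix every source into one hash pool and derive the generator key from it.

    Because the key is a hash over all contributions, a source that an attacker
    controls or can predict cannot cancel out what the other sources added.
    """

    def __init__(self) -> None:
        self._pool = hashlib.sha256()
        self._key = None
        self._counter = 0

    def add_entropy(self, source_id: int, data: bytes) -> None:
        # Prefix each event with its source id and length so that two sources
        # cannot be made to look like one another by shifting byte boundaries.
        self._pool.update(struct.pack(">BI", source_id, len(data)) + data)

    def reseed(self) -> None:
        # Chain the new key to the previous one: entropy already gathered is
        # never thrown away, and later events can only add unpredictability.
        prev = self._key if self._key is not None else b""
        self._key = hashlib.sha256(b"reseed" + prev + self._pool.digest()).digest()
        self._pool = hashlib.sha256()  # start a fresh pool for the next reseed
        self._counter = 0

    def random_bytes(self, n: int) -> bytes:
        if self._key is None:
            raise RuntimeError("generator has not been seeded")
        out = bytearray()
        while len(out) < n:
            # Counter-mode output: hash(key || counter) for successive counters.
            out += hashlib.sha256(self._key + struct.pack(">Q", self._counter)).digest()
            self._counter += 1
        # Ratchet the key so that compromising it later does not reveal past output.
        self._key = hashlib.sha256(b"ratchet" + self._key).digest()
        return bytes(out[:n])


def direct_delivery(hw_output: bytes) -> bytes:
    """The design being abandoned: hardware RNG output goes straight to the consumer."""
    return hw_output


def mixed_delivery(hw_output: bytes, timing_samples: bytes, n: int) -> bytes:
    """The new design: hardware RNG output is one input among others to the PRNG."""
    acc = Accumulator()
    acc.add_entropy(HWRNG, hw_output)
    acc.add_entropy(TIMING, timing_samples)
    acc.reseed()
    return acc.random_bytes(n)


def demo() -> dict:
    """Compare what an attacker who knows the hardware RNG output can predict."""
    backdoored_hw = bytes(range(32))  # constructed: attacker knows exactly what the chip returned
    secret_timing = os.urandom(16)    # constructed stand-in for a source the attacker cannot see
    attacker_guess = bytes(16)        # the attacker's (wrong) guess at that source
    return {
        "direct_predictable": direct_delivery(backdoored_hw) == backdoored_hw,
        "mixed_predictable": (
            mixed_delivery(backdoored_hw, attacker_guess, 32)
            == mixed_delivery(backdoored_hw, secret_timing, 32)
        ),
    }


if __name__ == "__main__":
    for name, predictable in demo().items():
        print(f"{name}: {predictable}")
```

The check a practitioner would want is the one `demo()` makes: with the same known hardware output, direct delivery is fully predictable, while the mixed output changes whenever the second source does. The converse also holds and is why the change costs nothing when the hardware is honest: the accumulator’s output is at least as unpredictable as the strongest source fed into it, so a trustworthy RDRAND still contributes all of its entropy.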
RNGs are integral to key generation for strong encryption, and to the nonces and initialization vectors most protocols also require. A cryptosystem whose RNG or PRNG produces output an attacker can predict is weak regardless of the strength of its ciphers, because predicting the generator means recovering the keys.