FreeBSD developers have announced that they will no longer use Intel's RDRAND and VIA's Padlock as standalone sources of random numbers for cryptographic use. Instead, data generated by these hardware RNGs (random number generators) will be further processed before it is used. This change will be implemented from FreeBSD version 10 onwards.
FreeBSD uses a pluggable random-generator framework for its cryptographic random numbers. Until now, the RDRAND and Padlock RNGs were used to generate random output which was then used directly. To strengthen this, the developers will use Yarrow to add further entropy to the random output from RDRAND and Padlock. Yarrow is an unpatented, licence-free cryptographic pseudorandom number generator algorithm; it is also used by Apple in iOS and Mac OS X. Instead of RDRAND or Padlock feeding /dev/random directly, the output from these chips will first be fed into Yarrow, which mixes it with other entropy so that any backdoor in the hardware output cannot be exploited on its own.
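The following is an added teaching model of the design described above, written for this article and not taken from FreeBSD's Yarrow implementation. It contrasts the old path (chip output handed straight to the consumer) with the new one (chip output accumulated into a pool with other sources and passed through a one-way function), using a constructed "backdoored" hardware RNG whose output is fully determined by a secret the adversary knows. The names `MixingPool`, `backdoored_hw_rng`, `direct_feed` and `pooled_feed` are the example's own; the chip secret and the interrupt-timing bytes are constructed constants so the demonstration is reproducible.

```python
import hashlib
import hmac

# Simplified Yarrow-style accumulator (teaching model, not FreeBSD's code).
# Every contribution is folded into a hashed state; output is derived from
# that state through HMAC, so no single source reaches the consumer unchanged.


class MixingPool:
    """Entropy accumulator with a hash-based mixing step and an HMAC output stage."""

    def __init__(self) -> None:
        self.state = bytes(32)   # 256-bit pool state
        self.counter = 0         # output block counter

    def add_entropy(self, source_id: str, data: bytes) -> None:
        # Hash the contribution into the state together with a source label and
        # length, so contributions are domain-separated and cannot cancel out.
        h = hashlib.sha256()
        h.update(self.state)
        h.update(source_id.encode())
        h.update(len(data).to_bytes(4, "big"))
        h.update(data)
        self.state = h.digest()

    def generate(self, nbytes: int) -> bytes:
        out = bytearray()
        while len(out) < nbytes:
            self.counter += 1
            out += hmac.new(self.state, self.counter.to_bytes(8, "big"),
                            hashlib.sha256).digest()
        # Ratchet the state after output so a later state compromise does not
        # reveal earlier output (a simplified version of Yarrow's generator gate).
        self.state = hashlib.sha256(b"gate" + self.state).digest()
        return bytes(out[:nbytes])


def backdoored_hw_rng(chip_secret: bytes, nbytes: int) -> bytes:
    """Constructed model of a hardware RNG whose output is entirely determined by
    a secret known to an adversary. A thought experiment for the demo only."""
    return hashlib.sha256(chip_secret + b"hw").digest()[:nbytes]


def direct_feed(hw_output: bytes) -> bytes:
    """Old design: chip output goes straight to the consumer."""
    return hw_output


def pooled_feed(hw_output: bytes, other_sources: list) -> bytes:
    """New design: chip output is one input among several to the pool."""
    pool = MixingPool()
    pool.add_entropy("hw_rng", hw_output)
    for name, data in other_sources:      # e.g. ("interrupts", bytes)
        pool.add_entropy(name, data)
    return pool.generate(32)


def demo() -> dict:
    """Can an adversary who knows the chip secret predict the consumer's bytes?"""
    chip_secret = b"constructed-chip-secret"          # known to the adversary
    hw_output = backdoored_hw_rng(chip_secret, 32)
    # Independent source the adversary cannot observe (constructed constant here;
    # a kernel would gather interrupt timings, disk latencies and the like).
    interrupt_timings = bytes(range(17, 49))

    # Adversary recomputes the chip output from the secret.
    guess_direct = backdoored_hw_rng(chip_secret, 32)
    # Adversary's best guess of the pooled feed: same pool, but without the
    # source they cannot see.
    guess_pooled = pooled_feed(backdoored_hw_rng(chip_secret, 32), [])

    return {
        "direct_predictable": direct_feed(hw_output) == guess_direct,
        "pooled_predictable":
            pooled_feed(hw_output, [("interrupts", interrupt_timings)]) == guess_pooled,
        # Caveat: pooling helps only if at least one other source is unpredictable.
        "pool_with_only_hw_predictable": pooled_feed(hw_output, []) == guess_pooled,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The third result is the practitioner's caveat: feeding the chip through Yarrow does not by itself make its output trustworthy; the protection comes from mixing in sources the adversary cannot observe, and a pool fed only by a suspect chip is exactly as predictable as the chip.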
The announcement comes in the wake of news reports indicating that the NSA has been collecting information on Internet traffic. Documents released by Edward Snowden indicate that the NSA has been working with organizations to introduce backdoors and cryptographic weaknesses into their software in order to gain access to information. FreeBSD developers say that they no longer trust the output generated by these two RNGs. Direct access to the hardware RNGs will still be possible via inline assembly or by using OpenSSL from userland.
Linux, too, uses RDRAND. However, Linus Torvalds, creator of the Linux kernel, had already explained that Linux adds other randomness to the output from RDRAND rather than relying on it alone.
Source: Ars Technica