
FreeBSD Kernel Critical Update: arc4random predictable sequence vulnerability - sant0sk1
http://www.cyberciti.biz/tips/cve-2008-5162-freebsd-arc4random.html
======
tptacek
I don't know all the details of this vulnerability, and won't bother digging
them up because Colin can just explain it real quick, but I will point out
that this --- the "cold start entropy" problem --- is a hugely common flaw in
cryptosystems. If you don't have secure random numbers, you don't have crypto
keys.

If you think FreeBSD is fun, think about the problem of embedded devices and
solid-state network boxes, some of which have very few sources of real
entropy, some of which have no simple ability to re-seed nondeterministically
after a cold start. This was Gutterman's Black Hat talk 2 years ago, one of
the best of the show.

