this is logged as trac ticket: https://trac.torproject.org/projects/tor/ticket/10402
FreeBSD project announced RDRAND not to be used directly, with OpenSSL following guidance.[0][1][2] IF? you are using a Tor built against openssl-1.0.1-beta1 through openssl-1.0.1e AND+ you have set HardwareAccel 1 THEN: you should implement one of the remedies below! help coderman test mitigation patch: https://peertech.org/dist/tor-0.2.4.19-rdrand-disable.patch https://peertech.org/dist/tor-0.2.5.1-rdrand-disable.patch https://peertech.org/dist/tor-latest-rdrand-disable.patch if on Sandy Bridge, Ivy Bridge, other Intel CPU with RDRAND. OTHER mitigation: - re-build your OpenSSL with OPENSSL_NO_RDRAND defined - re-build your Tor with DISABLE_ENGINES defined - update to latest git openssl or cherry pick commit: "Don't use rdrand engine as default unless explicitly requested." - Dr. Stephen Henson best regards, 0. "FreeBSD Developer Summit: Security Working Group, /dev/random" https://wiki.freebsd.org/201309DevSummit/Security 1. "Surreptitiously Tampering with Computer Chips" https://www.schneier.com/blog/archives/2013/09/surreptitiously.html 2. "How does the NSA break SSL? ... Weak random number generators" http://blog.cryptographyengineering.com/2013/12/how-does-nsa-break-ssl.html -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
