<p dir="ltr">I read the article as suggesting that the keys were deterministically created at initial boot, when the machine state was fully predictable, which to me sounds like an entropy failure for the RNG.<br>
However I accept that I haven't read the originals.<br>
</p>
<div class="gmail_quote">On 19 Mar 2015 18:58, "Peter Gutmann" &lt;<a href="mailto:pgut001@cs.auckland.ac.nz">pgut001@cs.auckland.ac.nz</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Jim Cheetham &lt;<a href="mailto:jim@gonzul.net">jim@gonzul.net</a>&gt; writes:<br>
<br>
><a href="https://nakedsecurity.sophos.com/2015/03/18/double-freak-a-cryptographic-bug-that-was-found-because-of-the-freak-bug/" target="_blank">https://nakedsecurity.sophos.com/2015/03/18/double-freak-a-cryptographic-bug-that-was-found-because-of-the-freak-bug/</a><br>
<br>
That one (and several similar stories over the years) wasn't an RNG failure,<br>
it was because they flash in a single firmware image with a pre-generated key<br>
and cert.  You could have had the best RNG in the world hooked up to the<br>
hardware and it wouldn't have made any difference.<br>
<br>
(This is fairly standard practice in embedded devices, you can't do per-device<br>
customisation at manufacture time, and once it's shipped vendors generally<br>
don't want to touch things like this).<br>
<br>
Peter.<br>
<br>
</blockquote></div>