An Investigation of the FreeBSD r278907 RNG Bugfix

By Wilson Lian, Hovav Shacham, and Stefan Savage.

Manuscript, Oct. 2016.


Operating systems and applications rely on random number generators (RNGs) for a number of important tasks, most notably cryptographic key generation. The impact of flawed random number generation practices has been studied extensively in the past. In this paper, we examine the implications of an RNG bug in FreeBSD that was fixed by Subversion commit r278907. In particular, our analysis seeks to discover uses of weak random numbers that either enable an attacker to discover the internal state of the RNG or use such knowledge to predict security-relevant values.



@misc{LSS16,
  author = {Wilson Lian and Hovav Shacham and Stefan Savage},
  title = {An Investigation of the {FreeBSD} {r278907} {RNG} Bugfix},
  note = {Manuscript},
  howpublished = {Online: \url{}},
  month = oct,
  year = 2016
}
