- Update the random(4) 2013Q3 entry

Submitted by:	markm

en_US.ISO8859-1/htdocs/news/status/report-2013-07-2013-09.xml

@@ -949,7 +949,7 @@
   </project>
 
   <project cat='kern'>
-    <title>Updating <tt>random(4)</tt></title>
+    <title>Reworking <tt>random(4)</tt></title>
 
     <contact>
       <person>
@@ -978,16 +978,55 @@
     </contact>
 
     <body>
-      <p>Update of <tt>random(4)</tt> to account for recent revelations,
-	and make more extensible, is in progress.</p>
+      <p>Random numbers require a lot more thought and preparation that
+	would naively appear to be the case.  For simulations, number
+	sequences that are repeatable but sufficiently disordered are
+	often what is required to achieve required experimental
+	duplication ability, and many programmers are familiar with
+	these.  For cryptography, it is essential that an attacker not
+	be able to predict or guess the output sequence, thus giving a
+	source of security-critical secret material for uses such as
+	passwords or "key material".</p>
+
+      <p>&os;'s random number generator, available as the pseudo-file
+	<tt>/dev/random</tt> produces unpredictable numbers intended for
+	cryptographic use, and is thus a Cryptograpically-Secured
+	Pseudo-Random Number Generator, or CSPRNG.  The security is
+	given by careful design of the output generator (based on a
+	block cipher) and input entropy accumulation queues.  The latter
+	uses hashes to accumulate stochastic information harvested from
+	various places in the kernel to provide highly unpredictable
+	input to the generator.  The algorithm for doing this, Yarrow,
+	by Schneier et al, may be found by web search.</p>
+
+      <p>&os;'s CSPRNG also allowed for certain stochastic sources,
+	deemed to be "high-quality", to directly supply the
+	<tt>random(4)</tt> device without going through Yarrow.  With
+	recent revelations over possible government surveillance and
+	involvement in the selection of these "high-quality" sources, it
+	is felt that they can no longer be trusted, and must therefore
+	also be processed though Yarrow.</p>
+
+      <p>The matter was discussed at various levels of formality at the
+	Cambridge Developer Summit in August, and at EuroBSDcon 2013 in
+	September.</p>
+
+      <p>This work is now done, and the <tt>random(4)</tt> CSPRNG is now
+	brought to a more paranoid, modern standard of distrust with
+	regard to its entropy sources.  Infrastructure work was also
+	done to facilitate certain entropy-source choices for the
+	convenience of the system administrators.</p>
+
+      <p>Future work is now going ahead with the implementation of the
+	Fortuna algorithm by Ferguson and Schneier as an upgrade or
+	alternative to Yarrow.  Initially a choice will be presented,
+	and decisions on the future of the CSPRNG processing algorithms
+	in use will be made in the future as needs arise.</p>
     </body>
 
     <help>
-      <task>Fortuna is to be an alternative for Yarrow in FreeBSD&nbsp;11.x.</task>
-      <task>Yarrow may be deprecated in a couple of years.</task>
-      <task>FIPS 800-90b support is planned.</task>
-      <task>A full, in-depth review of entropy is going to be done with
-	external help.</task>
+      <task>Implement FIPS 800-90b support.</task>
+      <task>A full, in-depth review of entropy.</task>
     </help>
   </project>