A weakness has been discovered in the entropy pool implemented by the /dev/random device on various Unix-derived operating systems. The problem occurs when the pool has been emptied and the entropy mechanism begins to seed the pool with a source of pseudo-random data. Because keystrokes from the console are one source of seeding for the entropy pool, it may be possible for an attacker to deduce the keystrokes of a user who is physically present at the console. This is possible due to the predictable timing sequences that occur when a keyboard is used, as well as largely differing seeding times when accessing different seeding mechanisms. A conclusive list of affected systems is not available at this time.