Open Source Spat: OpenBSD versus FreeBSD

What happens when people, who are supposed to advocate openness and collaboration among developers, start to snipe at each other’s ability to deliver the goods? It’s like the Peloponnesian War without the hunky warriors, action, and historic relevance.

A spat has erupted in the BSD open sauce communities with OpenBSD saying that FreeBSD is years behind when it comes to security.

It all started when FreeBSN announced that it will reduce the role of random number generators which are built into processors from Intel and Via, over suspicions that these methods may have been compromised by the National Security Agency.

But the man behind the OpenBSD project, Theo de Raadt, sniffed that he had no reason to follow the steps taken by FreeBSD with regard to hardware-based cryptography because it has already been doing this for a decade.

In an interview with ITWire, de Raadt was described as being “scathing” when asked if his project would be doing what FreeBSD has announced.

He said that FreeBSD has just caught up to what OpenBSD has been doing for over 10 years and there is nothing new in their changes.

De Raadt was also miffed that the hack in question had asked him that question. However, he said that OpenBSD could not follow FreeBSD because it was already leading in 2003.

He lashed out at 10 years of FreeBSD stupidity. He said that the group didn’t know a thing about security and ignored relevant research in all fields.

De Raadt said OpenBSD’s support for the Intel CPU rdrand instruction was added in 2012.

This code added entropy into the bottom of the randomization subsystem, such as timings between packets or disk IOs or mouse movements.

Intel RNG data was not better or worse in any way, since a random subsystem is engineered very specifically to smooth input data into output strong-random data, safely, he said.

“When the Intel RNG code above was added, it was simply following a pattern already established. Our first per-CPU randomisation support was for the VIA C3 cpus, which added a proprietary instruction almost a decade ahead of Intel. This code was added in 2003.”

De Raadt said that now everyone was discovering that FreeBSD has been doing it wrong.

“It’s not as if they operate in a closed source world, and couldn’t have looked at what others did. They must have chosen a few years ago to do this wrong, intentionally,” he said. Ohhh get her. 

Source: TechEye