A serious error has occurred in the random number generator in free Unix derivative NetBSD, which can result in the system’s cryptographic keys being too weak and allowing them to be cracked, German IT news website Heise reports. The cause is misplaced brackets in the program code of the NetBSD kernel. The developers have made a kernel update available to preclude the problem in future. In addition, they are recommending that users of keys produced with either NetBSD 6.0 or the current version of NetBSD change these as a matter of urgency.
The programming error can result in the system producing random numbers which are not particularly random. This danger is especially great if the system is just booting as the system has very little entropy available at this time. The problem has particularly serious effects on 32 bit platforms where cryptographic keys containing only some 32 bits entropy are produced under these circumstances. The resulting 4 billion possibilities can be tried in turn. NetBSD 6.1 will remedy the error.
In particular, keys for SSH servers (which are normally produced at system start-up) are definitely affected. All SSH server keys which have been produced on NetBSD 6 systems should be changed as a matter of urgency. Since the ECDSA algorithm was first introduced with version 6, the relevant keys are very likely to be weak.
Full details of the problem can be found in this NetBSD security advisory notice.