David Honig
Tue, 3 Aug 1999 07:41:48 -0700
At 09:22 PM 8/1/99 +0000, Sandy Harris wrote:

>> More analysis is needed, especially in the area of how
>> to estimate input entropy.

There are measures of entropy you could use, e.g., Maurer's Universal Statistical Test. The problem is how to fit them into the OS without bogging down the system, or not responding adequately to the interrupts.

In FreeBSD at least, you acquire the entropy during interrupt handling, and you stir the pool each time. So you have to either store copies of the input interrupts, or you have to do your computations during the interrupt handler. Running during interrupt handling constrains what you can do; I had problems (i.e., crashes on the first interrupt) computing logarithms there.

In any case, this path could be taken to instrument the raw input entropy measuring system. See http://www.geocities.com/SiliconValley/Code/4704/

This diagnostic could help tune the fast entropy-estimator in /dev/random. It has the benefit of being formally related to Shannon's measures of entropy. As far as I can tell, the entropy-estimator in /dev/random has not been validated against anything.

Another constructive suggestion is that, if you do run a VPN server with lots of clients in a closet and your threat level is high enough (or you like to hack this kind of stuff), add a hardware source, e.g., a commercial serial-port dongle or soundcard-based acquisition system. This should not be too hard for someone more familiar with the OS internals than I.

As usual with crypto, the problem is, who cares enough to bother?
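Maurer's Universal Statistical Test, which the message names as an entropy measure, as an added example (not code from the message, from FreeBSD or from /dev/random): it computes the statistic f_n over L-bit blocks and a z-score against the random-source reference, run offline over constructed samples rather than inside an interrupt handler. Assumptions: the reference constants for L = 6..8 and the finite-K correction factor are taken from Maurer's paper as tabulated in NIST SP 800-22, and the sample inputs are constructed with a seeded PRNG.

```python
import math
import random

# Expected f_n and variance of log2(distance) for a truly random source
# (assumed values, from Maurer's paper as tabulated in NIST SP 800-22).
MAURER_REF = {6: (5.2177052, 2.954), 7: (6.1962507, 3.125), 8: (7.1836656, 3.238)}


def l_bit_blocks(data: bytes, L: int):
    """Yield successive non-overlapping L-bit blocks of data as integers."""
    bits = int.from_bytes(data, "big")
    n_blocks = (len(data) * 8) // L
    shift = len(data) * 8 - L
    mask = (1 << L) - 1
    for _ in range(n_blocks):
        yield (bits >> shift) & mask
        shift -= L


def maurer_universal(data: bytes, L: int = 8, Q: int = 0) -> dict:
    """Maurer's universal statistic f_n over L-bit blocks.

    The first Q blocks only fill the table of last occurrences; for each of
    the remaining K blocks, log2 of the distance back to the previous
    occurrence of the same pattern is accumulated. f_n approximates the
    entropy per L-bit block, so a source that repeats itself scores far
    below the random reference (large negative z)."""
    if Q <= 0:
        Q = 10 * (1 << L)  # Maurer's recommended initialisation length
    last_seen = [0] * (1 << L)  # block index of last occurrence, 0 = never
    total, K = 0.0, 0
    for i, b in enumerate(l_bit_blocks(data, L), start=1):
        if i > Q:
            total += math.log2(i - last_seen[b])  # never seen -> distance i
            K += 1
        last_seen[b] = i
    if K <= 0:
        raise ValueError("input too short for the chosen L and Q")
    fn = total / K
    expected, var = MAURER_REF[L]
    c = 0.7 - 0.8 / L + (4 + 32 / L) * K ** (-3 / L) / 15  # finite-K factor
    z = (fn - expected) / (c * math.sqrt(var / K))
    return {"fn": fn, "K": K, "z": z}


def constructed_prng_sample(n: int, seed: int = 1999) -> bytes:
    """Constructed sample input (seeded PRNG), not real interrupt timings."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


if __name__ == "__main__":
    for name, sample in (("prng", constructed_prng_sample(22560)),
                         ("period-16", bytes(range(16)) * 1410)):
        r = maurer_universal(sample)
        print(f"{name:10s} f_n={r['fn']:.4f} z={r['z']:+.1f}")
```

A constant or short-period stream gives f_n equal to log2 of its period, which is what makes the statistic usable as a sanity check on a raw entropy feed before trusting the pool's own estimator.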