At 09:22 PM 8/1/99 +0000, Sandy Harris wrote:
>> More analysis is needed, especially in the area of how
>> to estimate input entropy.
There are measures of entropy you could use, e.g., Maurer's Universal Statistical Test. The problem is how to fit them into the OS without bogging down the system, or not responding adequately to the interrupts.

In FreeBSD at least, you acquire the entropy during interrupt handling, and you stir the pool each time. So you have to either store copies of the input interrupts, or you have to do your computations during the interrupt handler. Running during interrupt handling constrains what you can do; I had problems (i.e., crashes on the first interrupt) computing logarithms there. In any case, this path could be taken to instrument the raw input entropy measuring system. See http://www.geocities.com/SiliconValley/Code/4704/

This diagnostic could help tune the fast entropy-estimator in /dev/random. It has the benefit of being formally related to Shannon's measures of entropy. As far as I can tell, the entropy-estimator in /dev/random has not been validated against anything.

Another constructive suggestion is that, if you do run a VPN server with lots of clients in a closet and your threat level is high enough (or you like to hack this kind of stuff), add a hardware source, e.g., a commercial serial-port dongle or soundcard-based acquisition system. This should not be too hard for someone more familiar with the OS internals than I.

As usual with crypto, the problem is, who cares enough to bother?
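Maurer's Universal Statistical Test, as mentioned in the message above, implemented here as an added example (not code from the poster, from the page's URL, or from any /dev/random driver). The `scale` option, which replaces the per-block `log2` call with an integer table built up front, is my own assumed way of sidestepping the floating-point-in-the-interrupt-handler problem the poster describes; the expected values and variances are the ones tabulated for the test in Maurer's paper and NIST SP 800-22.

```python
import math

# Expected value and variance of f_n per block size L for a truly random
# source, as tabulated in Maurer (1992) and NIST SP 800-22.
MAURER_TABLE = {2: (1.5374383, 1.338), 4: (3.3112247, 2.358),
                6: (5.2177052, 2.954), 8: (7.1836656, 3.238)}

def maurer_statistic(bits, L, Q, scale=None):
    """Maurer's f_n over 0/1 ints: the first Q L-bit blocks fill the last-seen
    table, each later block adds log2(distance to its previous occurrence).
    `scale` (e.g. 1 << 16) switches to an integer log2 table built up front,
    so the per-block loop uses no floating point (assumed approach for code
    that must run without an FPU, e.g. an interrupt handler)."""
    n_blocks = len(bits) // L
    K = n_blocks - Q
    if Q < 1 or K < 1:
        raise ValueError("need more than Q blocks of L bits")
    last_seen = [0] * (1 << L)              # 0 means "never seen"
    def block(i):                           # integer value of block i (1-based)
        v = 0
        for bit in bits[(i - 1) * L:i * L]:
            v = (v << 1) | bit
        return v
    for i in range(1, Q + 1):
        last_seen[block(i)] = i
    if scale:
        log2_tab = [0] + [round(math.log2(d) * scale) for d in range(1, n_blocks + 1)]
        acc = 0                             # integer accumulator, no floats below
        for i in range(Q + 1, n_blocks + 1):
            v = block(i)
            acc += log2_tab[i - last_seen[v]]
            last_seen[v] = i
        return acc / (K * scale)
    acc = 0.0
    for i in range(Q + 1, n_blocks + 1):
        v = block(i)
        acc += math.log2(i - last_seen[v])
        last_seen[v] = i
    return acc / K

def maurer_z(bits, L, Q, scale=None):
    """Sigmas between f_n and its expected value (NIST small-K correction c)."""
    fn = maurer_statistic(bits, L, Q, scale)
    K = len(bits) // L - Q
    mu, var = MAURER_TABLE[L]
    c = 0.7 - 0.8 / L + (4 + 32 / L) * K ** (-3 / L) / 15
    return (fn - mu) / (c * math.sqrt(var / K))
```

A constant or short-period input scores far below the tabulated mean (all-zero input gives f_n = 0), while a good source with L=6, Q=640 and a few thousand test blocks lands within a few sigmas of 5.2177.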