On Thu, Dec 11, 2008 at 8:42 PM, Damien Miller <d...@mindrot.org> wrote:
> On Thu, 11 Dec 2008, James A. Donald wrote:
>> If one uses a higher resolution counter - sub
>> microsecond - and times multiple disk accesses, one gets
>> true physical randomness, since disk access times are
>> effected by turbulence, which is physically true
>> random.
> Until someone runs your software on a SSD instead of a HDD. Oops.
Before we give up on using drive timings, does anyone have evidence to
verify this assertion? The reviews I have seen using tools like HD
Tune and HD Tach seem to show timing noise reading and writing SSDs. I
don't know where the noise comes from - it is probably not turbulence
<grin/> - but it may be random enough that a long series of tests, say
for a second or so (don't forget, these drives are fast), could
provide a nice pool of unguessable bits.

-Michael Heyman

