On Tuesday, 18 September 2012 at 22:14, Pawel Jakub Dawidek wrote:

> I experimented a bit with collecting entropy from the time it takes for
> device_attach() to run (in CPU cycles). It seems that those times have
> enough variation that we can use it for entropy harvesting. It happens
> even before root is mounted, so pretty early.

That sounds really great.

> If all the times are more or less equally probable in this range […]

They're very unlikely to be equally probable. It would make sense to do some characterization of these times and their statistics: a highly non-uniform distribution would mean that we don't actually get many bits per attach.

> […] we have more
> than 19 bits of entropy from this one call, but I reduced it to four
> bits only, because there are devices that are much faster to attach.

Another reason for doing the above characterization is that, if a particular device_attach() really does provide 12 bits of uncertainty, it's a shame to drop eight of them on the floor.

> We could make the code more complex by assuming 0.01% of the time
> varies, which should still be safe and will allow to collect more
> entropy from those long calls.

I'm a bit leery of assuming that things "should still be safe" for the above reasons. Again, some hard numbers would really help here. Maybe we should even convince a student to do a project. :)

Jon

--
Jonathan Anderson
Research Associate
Computer Laboratory
University of Cambridge
+44 1223 763 747
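The characterization asked for in the reply above, as an added example that is not part of the original message or of any FreeBSD code: it compares the "equally probable in this range" estimate with the Shannon entropy and min-entropy of the observed attach times, per device. The device names and cycle counts are constructed, and treating min-entropy as the figure to credit is this example's assumption.

```python
import math
from collections import Counter

# Constructed sample data: cycle counts per device_attach() call, keyed by a
# hypothetical device name. A real study needs many samples across boots.
SAMPLES = {
    "dev_slow": [1000] * 8 + [1001] * 4 + [1002] * 2 + [1003, 1511],
    "dev_fast": [200] * 12 + [201] * 4,
}


def naive_range_bits(samples):
    """Bits credited if every value in [min, max] were equally probable."""
    return math.log2(max(samples) - min(samples) + 1)


def shannon_bits(samples):
    """Average information per sample under the observed distribution."""
    n = len(samples)
    return -sum(c / n * math.log2(c / n) for c in Counter(samples).values())


def min_entropy_bits(samples):
    """-log2(p_max): what remains when the likeliest value is guessed first."""
    n = len(samples)
    return -math.log2(max(Counter(samples).values()) / n)


def characterize(samples_by_device):
    """Return the three estimates for each device's attach-time samples."""
    return {
        dev: {
            "naive": naive_range_bits(s),
            "shannon": shannon_bits(s),
            "min_entropy": min_entropy_bits(s),
        }
        for dev, s in samples_by_device.items()
    }


if __name__ == "__main__":
    for dev, r in characterize(SAMPLES).items():
        print(f"{dev}: range={r['naive']:.2f} bits, "
              f"shannon={r['shannon']:.2f} bits, "
              f"min-entropy={r['min_entropy']:.2f} bits")
```

For the constructed slow device the range spans 512 values, yet half the samples share one value, so the range estimate is far above what the distribution supports.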
