From owner-freebsd-security@FreeBSD.ORG Thu Sep 27 09:56:30 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C69AB1065673 for ; Thu, 27 Sep 2012 09:56:30 +0000 (UTC) (envelope-from benlaurie@gmail.com) Received: from mail-vb0-f54.google.com (mail-vb0-f54.google.com [209.85.212.54]) by mx1.freebsd.org (Postfix) with ESMTP id 765658FC20 for ; Thu, 27 Sep 2012 09:56:30 +0000 (UTC) Received: by vbmv11 with SMTP id v11so2231614vbm.13 for ; Thu, 27 Sep 2012 02:56:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=JCUFyoBL2cCC89DAbU59AMWIU/4RPHDkLjxw0tUq2F0=; b=ZsIrwYoQPEE+WFwSoSdQMXCJ0PxCJqtQ9UQ0pPzkRar+nLuWJDkcbElL63DxzqVmg/ a6q39LyTQ+dhwThSClet4qdVMPoZrH8QS01spPXSJlDfc0pSPR5HSferbqxyTsbmQ3Ee izCBwaScsowO6McaKmgzcVlULuLltY18ZphN1iW+ysFpMdYRPqHuTpGv5YdHt49PPz4R 5JzHObQHnwtQfPmbvvBcUupH764jtoSY1+5nwWUOOKEx2ob9xzIqsbf/l6fx7Yh7yOqa mToH4Puh9pdN9tSflpQ9Pr9atSdTKCMDFCevRY28oLitrRYH1ZLeMl/D2f1U2ckbRB4L Aa3w== MIME-Version: 1.0 Received: by 10.52.37.100 with SMTP id x4mr1578611vdj.56.1348739784576; Thu, 27 Sep 2012 02:56:24 -0700 (PDT) Sender: benlaurie@gmail.com Received: by 10.58.79.243 with HTTP; Thu, 27 Sep 2012 02:56:24 -0700 (PDT) In-Reply-To: <863923pzgi.fsf@ds4.des.no> References: <20120918211422.GA1400@garage.freebsd.pl> <20120919192836.3a60cdfd@gumby.homeunix.com> <863923pzgi.fsf@ds4.des.no> Date: Thu, 27 Sep 2012 10:56:24 +0100 X-Google-Sender-Auth: 5AGXvhMgVr9_lG46xnGzgoSySFM Message-ID: From: Ben Laurie To: =?ISO-8859-1?Q?Dag=2DErling_Sm=F8rgrav?= Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security@freebsd.org, RW Subject: Re: Collecting entropy from device_attach() times. X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Sep 2012 09:56:30 -0000 On Thu, Sep 27, 2012 at 10:49 AM, Dag-Erling Sm=F8rgrav wrote: > RW writes: >> "Dag-Erling Sm=F8rgrav" writes: >> > You can't rely on the existence of a TSC. I would suggest using the >> > fractional part of binuptime instead. >> get_cyclecount() is supposed to be platform independent and should >> fall-back to nanotime(9) if TSC or equivalent is absent. > > I just thought of another issue with get_cyclecount(). > > On machines with TSCs, its resolution varies with the CPU's speed > (nominal or actual, depending on the exact model). This means that > attachtime measurements have far lower resolution and therefore less > entropy on slow machines than on fast ones. > > This doesn't mean we can't use get_cyclecount(), just that we shouldn't > base our entropy estimates on data gathered on a fast system. We should certainly see how things look on slow systems, but note that if the resolution is lower, then the measurements will also be smaller (assuming attachment takes similar time), and so we will claim less entropy anyway :-)