Date: Wed, 19 Sep 2012 23:10:51 +0100 From: RW <rwmaillists@googlemail.com> To: Pawel Jakub Dawidek <pjd@FreeBSD.org> Cc: freebsd-security@freebsd.org, Jonathan Anderson <jonathan.anderson@cl.cam.ac.uk>, Mariusz Gromada <mariusz.gromada@gmail.com> Subject: Re: Collecting entropy from device_attach() times. Message-ID: <20120919231051.4bc5335b@gumby.homeunix.com> In-Reply-To: <20120919205331.GE1416@garage.freebsd.pl> References: <20120918211422.GA1400@garage.freebsd.pl> <A8FD98DD94774D00B4E5F78D3174C1B4@gmail.com> <20120919192923.GA1416@garage.freebsd.pl> <20120919205331.GE1416@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 19 Sep 2012 22:53:32 +0200 Pawel Jakub Dawidek wrote: > Here's how the distribution looks like for device_attach() times of my > sound card. The times were 26bit numbers, so this is after discarding > top ten bits, which leave us with 16 lower bits of pure entropy:) > > http://people.freebsd.org/~pjd/misc/harvest_device_attach.png You're basing a model for all devices on a single sound card, that doesn't seem safe to me. Isn't it possible that a device could take a long and well defined time? Some interrupts can carry a lot of entropy but they are still only accounted at 2 bits. I don't see the point of trying to set a realistic number of bits unless there's a need for secure random numbers before initrandom. If there isn't then you might just as well set the estimation at zero bits, and avoid wasting cpu cycles on unnecessary spontaneous reseeds before the forced reseed.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120919231051.4bc5335b>