Date:      Mon, 20 Aug 2012 15:43:16 -0700
From:      Steve Kargl <sgk@troutmask.apl.washington.edu>
To:        Ben Laurie <ben@links.org>
Cc:        freebsd-arch@freebsd.org
Subject:   Re: /dev/random
Message-ID:  <20120820224316.GC96700@troutmask.apl.washington.edu>
In-Reply-To: <CAG5KPzwBzWvDFDZqzT4masbknKfVe-rvdTd1h6ZxEoG90Rcxqg@mail.gmail.com>
References:  <CAG5KPzz4GQ2C_ky_qrDroQ4srGL4daW0OO-F3eOvvL-9AO6zoQ@mail.gmail.com> <20120820220243.GA96700@troutmask.apl.washington.edu> <CAG5KPzwBzWvDFDZqzT4masbknKfVe-rvdTd1h6ZxEoG90Rcxqg@mail.gmail.com>

On Mon, Aug 20, 2012 at 11:05:39PM +0100, Ben Laurie wrote:
> On Mon, Aug 20, 2012 at 11:02 PM, Steve Kargl
> <sgk@troutmask.apl.washington.edu> wrote:
> > On Mon, Aug 20, 2012 at 07:49:16PM +0100, Ben Laurie wrote:
> >> Apparently /dev/random uses h/w PRNGs if available, discarding all
> >> other sources of randomness.
> >>
> >> This seems like a mistake to me - we should fix it.
> >>
> >> Also, it seems that entropy is available in detailed interrupt timing
> >> (see http://www.issihosts.com/haveged/) which might be useful on
> >> entropy-starved systems - I suspect we are not exploiting this source,
> >> and in light of recent developments, we probably should be.
> >>
> >> Comments?
> >
> > Well, it's hard to comment when you failed to explain
> > *why* you think it is a mistake.
> 
> Sorry - because I do not think it is wise to trust the h/w prng so
> much we discard other entropy.
> 

I guess I simply don't understand your terseness here.  FreeBSD
collects entropy (on my system) from 

kern.random.sys.harvest.ethernet: 1
kern.random.sys.harvest.point_to_point: 1
kern.random.sys.harvest.interrupt: 1
kern.random.sys.harvest.swi: 0

What do you mean by h/w prng here?  Are you talking about these
sysctls and what each collects?   Or, are you talking about h/w
crypto accelerators such as hifn(4) and padlock(4)?

> >  In addition, I'm having
> > a hard time parsing your 1st sentence, which appears to
> > be related to this sentence:
> >
> >    The device will probe for certain hardware entropy sources,
> >    and use these in preference to the fallback, which is a
> >    generator implemented in software.
> >
> > from 'man 4 random'.  Your 'all other sources of randomness'
> > would then need to be amended to 'all other sources of entropy'.
> > But, then 'all other sources' does not make sense, because only
> > the 'generator implemented in software' is discarded.
> 
> That is everything except the hardware, right? So ... all other sources.

It's a single source.  Not sure why you want to write
'all other sources.'   Unless you're being overly
dramatic to sway opinion to your desired result that it is
a bad idea. 

> > It is also unclear why a linux-only project for gathering entropy
> > is relevant here given that FreeBSD already has the ability to
> > use both hardware and software interrupts as sources of entropy.
> 
> It is relevant because it seems there is entropy available in
> fine-grained timing.

kern.random.sys.harvest.swi controls collection of 
entropy from SWI, implicit would (implicitly?) be
controlled by timing of the interrupt. 


-- 
Steve


