Date: Wed, 19 Sep 2012 15:52:57 -0700
From: David O'Brien
To: Pawel Jakub Dawidek
Cc: freebsd-security@FreeBSD.org
Subject: Re: Collecting entropy from device_attach() times.
Message-ID: <20120919225257.GA26160@dragon.NUXI.org>
In-Reply-To: <20120919223459.GC25606@dragon.NUXI.org>
References: <20120918211422.GA1400@garage.freebsd.pl> <20120919223459.GC25606@dragon.NUXI.org>

On Wed, Sep 19, 2012 at 03:34:59PM -0700, David O'Brien (@FreeBSD) wrote:
> On Tue, Sep 18, 2012 at 11:14:22PM +0200, Pawel Jakub Dawidek wrote:
> > I experimented a bit with collecting entropy from the time it takes for
> > device_attach() to run (in CPU cycles). It seems that those times have
> > enough variation that we can use it for entropy harvesting. It happens
> > even before root is mounted, so pretty early.
>
> I like it. Microsoft harvests from something like 900 events/things.

Some of this is documented in
'Windows 7 CNGSYS FIPS Security Policy.docx' Section 5.3.2 "SystemPrng".
[http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1328.pdf]
should this give anyone more ideas...

--
-- David
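
An added example, not part of the original message and not FreeBSD code: one way to check whether per-call timings such as the device_attach() cycle counts discussed above vary enough to be credited as entropy, using a most-common-value min-entropy estimate over the low bits of each sample. The helper name est_min_entropy_bits() is hypothetical and both sample arrays are constructed, not measured.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Conservative per-sample min-entropy, in whole bits, of the low `bits`
 * bits of each timing (most-common-value estimate):
 *   H_min = floor(log2(n / max_count))
 * est_min_entropy_bits() is a hypothetical helper, not a FreeBSD API.
 */
static unsigned est_min_entropy_bits(const uint64_t *t, size_t n, unsigned bits)
{
    unsigned hist[256] = {0};
    unsigned max_count = 0, h = 0;

    if (n == 0 || bits == 0 || bits > 8)
        return 0;                       /* nothing to credit */
    for (size_t i = 0; i < n; i++) {
        unsigned c = ++hist[t[i] & ((1u << bits) - 1)];
        if (c > max_count)
            max_count = c;
    }
    /* Integer floor(log2(n / max_count)); rounding down under-credits. */
    while (((uint64_t)max_count << (h + 1)) <= n)
        h++;
    return h;
}

/* Constructed cycle counts for 16 attach calls (not real measurements). */
static const uint64_t varied[16] = {
    918273, 104455, 77310, 2310098, 51234, 660071, 99812, 1403337,
    58126, 731049, 120460, 88875, 4100923, 67591, 250102, 93384
};
/* Constructed degenerate case: identical timings, e.g. a deterministic boot. */
static const uint64_t constant[16] = {
    50000, 50000, 50000, 50000, 50000, 50000, 50000, 50000,
    50000, 50000, 50000, 50000, 50000, 50000, 50000, 50000
};

int main(void)
{
    printf("varied,   low 4 bits: %u bits/sample\n",
           est_min_entropy_bits(varied, 16, 4));
    printf("constant, low 4 bits: %u bits/sample\n",
           est_min_entropy_bits(constant, 16, 4));
    return 0;
}
```

The constant case is the one to watch for: a source whose timings repeat exactly should be credited zero bits, however many samples it contributes.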