Date: Wed, 19 Sep 2012 15:52:57 -0700 From: David O'Brien <obrien@dragon.NUXI.org> To: Pawel Jakub Dawidek <pjd@FreeBSD.org> Cc: freebsd-security@FreeBSD.org Subject: Re: Collecting entropy from device_attach() times. Message-ID: <20120919225257.GA26160@dragon.NUXI.org> In-Reply-To: <20120919223459.GC25606@dragon.NUXI.org> References: <20120918211422.GA1400@garage.freebsd.pl> <20120919223459.GC25606@dragon.NUXI.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Sep 19, 2012 at 03:34:59PM -0700, David O'Brien (@FreeBSD) wrote: > On Tue, Sep 18, 2012 at 11:14:22PM +0200, Pawel Jakub Dawidek wrote: > > I experimented a bit with collecting entropy from the time it takes for > > device_attach() to run (in CPU cycles). It seems that those times have > > enough variation that we can use it for entropy harvesting. It happens > > even before root is mounted, so pretty early. > > I like it. Microsoft harvests from something like 900 events/things. Some of this is documented in 'Windows 7 CNGSYS FIPS Security Policy.docx' Section 5.3.2 "SystemPrng". [http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1328.pdf] should this give anyone more ideas... -- -- David
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120919225257.GA26160>