Date:      Sat, 22 Sep 2012 21:53:26 +0200
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        John Baldwin <jhb@freebsd.org>
Cc:        Ben Laurie <benl@freebsd.org>, freebsd-security@freebsd.org, RW <rwmaillists@googlemail.com>, Jonathan Anderson <jonathan.anderson@cl.cam.ac.uk>, Mariusz Gromada <mariusz.gromada@gmail.com>
Subject:   Re: Collecting entropy from device_attach() times.
Message-ID:  <20120922195325.GH1454@garage.freebsd.pl>
In-Reply-To: <20120922080323.GA1454@garage.freebsd.pl>
References:  <20120918211422.GA1400@garage.freebsd.pl> <20120919231051.4bc5335b@gumby.homeunix.com> <20120920102104.GA1397@garage.freebsd.pl> <201209200758.51924.jhb@freebsd.org> <20120922080323.GA1454@garage.freebsd.pl>

On Sat, Sep 22, 2012 at 10:03:23AM +0200, Pawel Jakub Dawidek wrote:
> If discarding the top ten bits in case of such a dummy driver is enough, we
> could probably discard less from drivers that interact with real
> hardware, but even with 43 device_attach() calls during boot on similar
> hardware and assuming that we can get only 6 bits of entropy from each
> call, it gives us more than 256 bits of entropy. In other words I don't
> think we should further complicate this and that we should stick to
> entropy estimations from my current patch.

I made additional calculations to see where the line we shall not
cross is. I checked what the distribution would look like for 6, 7, 8,
9, 10, 11 and 12 bit values (so we discard from top 10 to top 4 bits):

	http://people.freebsd.org/~pjd/misc/device_attach_6bit.jpg
	http://people.freebsd.org/~pjd/misc/device_attach_7bit.jpg
	http://people.freebsd.org/~pjd/misc/device_attach_8bit.jpg
	http://people.freebsd.org/~pjd/misc/device_attach_9bit.jpg
	http://people.freebsd.org/~pjd/misc/device_attach_10bit.jpg
	http://people.freebsd.org/~pjd/misc/device_attach_11bit.jpg
	http://people.freebsd.org/~pjd/misc/device_attach_12bit.jpg

And the source in LibreOffice:

	http://people.freebsd.org/~pjd/misc/device_attach_6-12_bits.ods

It looks like we can safely discard even only 7 bits (leaving 9 bits of
entropy). With a 10bit value the maximum difference between theoretical
and empirical distribution goes to 6.34% which I don't think is
acceptable. On the other hand the differences for 6, 7, 8 and 9 are
very small:

	6bit:	0.33%
	7bit:	0.29%
	8bit:	0.27%
	9bit:	0.21%

For completeness, all the rest:

	10bit:	 6.34%
	11bit:	19.07%
	12bit:	54.80%

Mariusz, can you confirm my findings?

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://tupytaj.pl
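
The kind of check described in the message, as an added example that is not part of the original e-mail or of the FreeBSD patch: keep only the low N bits of each timing and report the largest gap between the empirical and the uniform cumulative distribution. The message does not say how its percentages were computed, so the metric, the function names, the 1% limit and the sample data are all assumptions.

```python
from collections import Counter


def max_cdf_gap(samples, bits):
    """Largest gap between the empirical CDF of each sample's low `bits`
    bits and the CDF of a uniform distribution over 2**bits values."""
    size = 1 << bits
    counts = Counter(s & (size - 1) for s in samples)
    seen, worst = 0, 0.0
    for value in range(size):
        seen += counts[value]  # Counter returns 0 for values never seen
        worst = max(worst, abs(seen / len(samples) - (value + 1) / size))
    return worst


def widest_uniform_width(samples, widths, limit):
    """Widest width in `widths` whose gap, and that of every narrower
    width, stays within `limit`; None if even the narrowest fails."""
    best = None
    for bits in sorted(widths):
        if max_cdf_gap(samples, bits) > limit:
            break
        best = bits
    return best


# Constructed sample, not measured data: 1536 consecutive tick counts.
# The window is a multiple of 2**9, so the low 9 bits are perfectly flat,
# while wider masks start to see the edges of the window.
SAMPLES = list(range(5000, 5000 + 1536))
LIMIT = 0.01  # assumed acceptance threshold (1%), not a value from the thread

if __name__ == "__main__":
    for bits in range(6, 13):
        print(f"{bits}bit:\t{max_cdf_gap(SAMPLES, bits):.2%}")
    print("widest acceptable width:",
          widest_uniform_width(SAMPLES, range(6, 13), LIMIT))
```

On real data, `SAMPLES` would be replaced by the recorded device_attach() durations; the gap grows with the mask width once the mask reaches bits that are shared between most samples.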



