From owner-freebsd-current Mon Mar 12 14:17: 5 2001 Delivered-To: freebsd-current@freebsd.org Received: from earth.backplane.com (earth-nat-cw.backplane.com [208.161.114.67]) by hub.freebsd.org (Postfix) with ESMTP id 0FF2F37B719 for ; Mon, 12 Mar 2001 14:17:01 -0800 (PST) (envelope-from dillon@earth.backplane.com) Received: (from dillon@localhost) by earth.backplane.com (8.11.2/8.9.3) id f2CMGXR75489; Mon, 12 Mar 2001 14:16:33 -0800 (PST) (envelope-from dillon) Date: Mon, 12 Mar 2001 14:16:33 -0800 (PST) From: Matt Dillon Message-Id: <200103122216.f2CMGXR75489@earth.backplane.com> To: Mark Murray Cc: current@FreeBSD.ORG Subject: Re: Ethernet entropy harvesting seriously pessimizes performance References: <200103122103.f2CL3YZ74166@earth.backplane.com> <200103122144.f2CLi3f92042@gratis.grondar.za> Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG :> down and will work, SNAP, just like that? : :Because I need to make folks other than you happy. : :Lots of security minded people what _all_ the interrupt entropy :they can get, and this method gives them that while allowing others :to throttle the harvester back. : :M :-- :Mark Murray :Warning: this .sig is umop ap!sdn And if I were paranoid I could setup an interrupt a thousand times a second to scan all of physical memory and harvest the randomness from that. I am a security minded person... and I am also pragmatic. There's such a thing as overkill and your random number generator is doing it in spades. It is entirely unnecessary. Maybe rather then throw in the overkill you should actually *test* the random number generator to see where the randomness starts to break down when lowering the harvest rate. Thousands of harvests a second is just plain insane, no matter how security minded your 'lots of security minded people' are. Just ten a second should be plenty good enough, frankly, even for a paranoid security minded guy, especially considering the amount of memory the random number generator is using for state. -Matt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message