Date: Tue, 18 Sep 2012 23:14:22 +0200 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: freebsd-security@FreeBSD.org Subject: Collecting entropy from device_attach() times. Message-ID: <20120918211422.GA1400@garage.freebsd.pl>
next in thread | raw e-mail | index | archive | help
--Q68bSM7Ycu6FN28Q Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi. I experimented a bit with collecting entropy from the time it takes for device_attach() to run (in CPU cycles). It seems that those times have enough variation that we can use it for entropy harvesting. It happens even before root is mounted, so pretty early. On the machine I'm testing it, which has minimal kernel plus NIC driver I see 75 device_attach() calls. I'm being very careful and advertising to yarrow that each call has only 4 bits of entropy (most of the time there is much more). This gives 300 bits of entropy on this machine before we even start init. For real hardware like sound card it takes between 34647162 and 35548675 cycles to run device_attach(), so the difference here is 901513. If all the times are more or less equally probable in this range we have more than 19 bits of entropy from this one call, but I reduced if to four bits only, because there are devices that are much faster to attach. We could make the code more complex by assuming 0.01% of the time varies, which should still be safe and will allow to collect more entropy from those long calls. The patch is here: http://people.freebsd.org/~pjd/patches/harvest_device_attach.patch Comments? --=20 Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://tupytaj.pl --Q68bSM7Ycu6FN28Q Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlBY5CoACgkQForvXbEpPzSxewCdGYz/LSd3nDjqKJXY/++5fBGW ucUAn2unEr8oDCXKo2m4pyKgAy7UDpNB =6LoM -----END PGP SIGNATURE----- --Q68bSM7Ycu6FN28Q--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120918211422.GA1400>