From owner-freebsd-arch@FreeBSD.ORG  Tue Aug 21 08:55:02 2012
Return-Path: <owner-freebsd-arch@FreeBSD.ORG>
Delivered-To: freebsd-arch@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 901C9106566B
	for <freebsd-arch@freebsd.org>; Tue, 21 Aug 2012 08:55:02 +0000 (UTC)
	(envelope-from benlaurie@gmail.com)
Received: from mail-iy0-f182.google.com (mail-iy0-f182.google.com
	[209.85.210.182])
	by mx1.freebsd.org (Postfix) with ESMTP id 53ACC8FC14
	for <freebsd-arch@freebsd.org>; Tue, 21 Aug 2012 08:55:02 +0000 (UTC)
Received: by ialo14 with SMTP id o14so4154230ial.13
	for <freebsd-arch@freebsd.org>; Tue, 21 Aug 2012 01:55:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=mime-version:sender:in-reply-to:references:date
	:x-google-sender-auth:message-id:subject:from:to:cc:content-type;
	bh=gO2h7hxfqIL7+5giinSe4Nb9LfNWF0x0qcw8hyDUKcY=;
	b=ApKV0P74J18hu/OrM6G8e5JPA0KosZyZB1yDUU4IC3oFBIZa6R1Ks7qBPOVzEVyulL
	VY8hNU1tASn1d63gpqeX03DEviCX4aY9xUh3qJj12o3n/WxXCSgX+Sjne53LziigaSiW
	dIGVgMWSmM8Rhkv82+41T2g4SHcvN5DP+ANt6fyMpjkleWMYPqN0O7/HaEl7ggfiXzBq
	MrEMeDpiQ3+8MjLX5vCqDgCikxYOlgynWZ5jB5zJZIHndEgMXCUckFL+2QKvGkuw83I8
	FjtR/dKysdua1slAj3o/zEQhFQzhu025S5aVi1ZlB7hw6Tk9fLpkjzp3Jp5W5t1PK6Z3
	mI+Q==
MIME-Version: 1.0
Received: by 10.42.61.16 with SMTP id s16mr13418877ich.7.1345539301723; Tue,
	21 Aug 2012 01:55:01 -0700 (PDT)
Sender: benlaurie@gmail.com
Received: by 10.50.101.232 with HTTP; Tue, 21 Aug 2012 01:55:01 -0700 (PDT)
In-Reply-To: <20120820225504.GA78528@server.rulingia.com>
References: <CAG5KPzz4GQ2C_ky_qrDroQ4srGL4daW0OO-F3eOvvL-9AO6zoQ@mail.gmail.com>
	<20120820220243.GA96700@troutmask.apl.washington.edu>
	<CAG5KPzwBzWvDFDZqzT4masbknKfVe-rvdTd1h6ZxEoG90Rcxqg@mail.gmail.com>
	<20120820225504.GA78528@server.rulingia.com>
Date: Tue, 21 Aug 2012 09:55:01 +0100
X-Google-Sender-Auth: uAwycw-1NuvCrKaKCuFGQQBaHiM
Message-ID: <CAG5KPzwy0csR0F5WXVmDg9=3vDiPXf9X=Zz=dAsXpMEnjjn6AQ@mail.gmail.com>
From: Ben Laurie <ben@links.org>
To: Peter Jeremy <peter@rulingia.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: freebsd-arch@freebsd.org
Subject: Re: /dev/random
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussion related to FreeBSD architecture <freebsd-arch.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Aug 2012 08:55:02 -0000

On Mon, Aug 20, 2012 at 11:55 PM, Peter Jeremy <peter@rulingia.com> wrote:
> On 2012-Aug-20 23:05:39 +0100, Ben Laurie <ben@links.org> wrote:
>>It is relevant because it seems there is entropy available in
>>fine-grained timing.
>
> Part of the entropy harvested at each of the sampling points is
> the CPU cyclecounter (eg TSC).  It's difficult to see what finer
> grained timing you expect to be used.

In the wake of https://factorable.net/weakkeys12.conference.pdf, I'm
wondering how well we do on entropy-starved devices. The thing that
worries me about TSC is that multiple identical devices may get
similar values during initialisation (I don't know if they do, has
anyone studied this?). Skew between TSC and a real-time clock might be
useful (because ultimately the RTC relies on a clock that is not
synchronised with the CPU clock), but AFAICS we don't use the RTC to
provide randomness. I could be missing something, of course, I've only
recently started looking at this code.