Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 25 Sep 2012 10:05:01 +0100
From:      Ben Laurie <benl@freebsd.org>
To:        Pawel Jakub Dawidek <pjd@freebsd.org>
Cc:        freebsd-security@freebsd.org, RW <rwmaillists@googlemail.com>, Jonathan Anderson <jonathan.anderson@cl.cam.ac.uk>, Mariusz Gromada <mariusz.gromada@gmail.com>, John Baldwin <jhb@freebsd.org>
Subject:   Re: Collecting entropy from device_attach() times.
Message-ID:  <CAG5KPzz3ehKm%2BBN_0MCYfcRFkYxKzFLSTTFEpsJg3kK0BTvChQ@mail.gmail.com>
In-Reply-To: <20120925053246.GI1413@garage.freebsd.pl>
References:  <20120918211422.GA1400@garage.freebsd.pl> <20120919231051.4bc5335b@gumby.homeunix.com> <20120920102104.GA1397@garage.freebsd.pl> <201209200758.51924.jhb@freebsd.org> <20120922080323.GA1454@garage.freebsd.pl> <20120922195325.GH1454@garage.freebsd.pl> <505E59DC.7090505@gmail.com> <20120923151706.GN1454@garage.freebsd.pl> <5060D723.6020305@gmail.com> <5060DA45.30808@gmail.com> <20120925053246.GI1413@garage.freebsd.pl>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Sep 25, 2012 at 6:32 AM, Pawel Jakub Dawidek <pjd@freebsd.org> wrote:
> On Tue, Sep 25, 2012 at 12:10:13AM +0200, Mariusz Gromada wrote:
>> W dniu 2012-09-24 23:56, Mariusz Gromada pisze:
>>
>> > Ok, finally I have some formal results. To be completely honest I need
>> > to point out that, in fact, we have a discrete data (for example
>> > integers 0, 1, ..., 63, but not continues numbers spread across 0 and
>> > 63). That is way  I am going to use two sample Kolmogorov-Smirnov test.
>>
>> Another clarification is needed. KS test in general (and in theory)
>> should be used for continuous distributions. But in our case we can
>> easily say that we observe our distribution in integers only (rounding),
>> and the whole rest is easily estimated.
>
> Thanks a lot!
>
> To the list:
>
> phk@ asked me privately to check if there is no correclation between
> consecutive device_attach() calls during single boot.
>
> For example each device_attach() separately can yield great entropy in
> every tests, but all those calls combined might be somehow related, ie.
> during one boot all calls take a bit longer and in another boot all
> calls take a bit less, which could decrease total entropy we should
> estimate out of it.
>
> I created dummy driver which was registering three dummy drivers, so it
> was provoking three device_attach() calls on every kldload. Mariusz
> verified the observations and there was no correlation between the
> times.

Sorry to those that are bored, but ... what was the methodology?

> I believe everyone is bored at this point, so I'd like to propose a way
> forward:
>
> I'll perform one more test with CPU clock speed reduced as much as it
> can be and see if rejecting 7 top bits is still fine. If it is, I'd like
> to commit my patch. I was wondering if I should hide it under
> #ifdef __amd64__, but the only risk in having it on all platforms is
> eventually being overestimating available entropy, which is bad, but I
> think better than not providing any entropy this method. On the other
> hand having it on one or two platforms only would maybe motivate people
> to verify it on other platforms.
>
> --
> Pawel Jakub Dawidek                       http://www.wheelsystems.com
> FreeBSD committer                         http://www.FreeBSD.org
> Am I Evil? Yes, I Am!                     http://tupytaj.pl



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAG5KPzz3ehKm%2BBN_0MCYfcRFkYxKzFLSTTFEpsJg3kK0BTvChQ>