From: Ben Laurie
To: Pawel Jakub Dawidek
Cc: freebsd-security@freebsd.org, RW, Jonathan Anderson, Mariusz Gromada, John Baldwin
Subject: Re: Collecting entropy from device_attach() times.
Date: Tue, 25 Sep 2012 10:05:01 +0100

On Tue, Sep 25, 2012 at 6:32 AM, Pawel Jakub Dawidek wrote:
> On Tue, Sep 25, 2012 at 12:10:13AM +0200, Mariusz Gromada wrote:
>> On 2012-09-24 23:56, Mariusz Gromada wrote:
>>
>> > Ok, finally I have some formal results. To be completely honest I need
>> > to point out that, in fact, we have discrete data (for example
>> > integers 0, 1, ..., 63, but not continuous numbers spread across 0 and
>> > 63). That is why I am going to use a two-sample Kolmogorov-Smirnov test.
>>
>> Another clarification is needed. KS test in general (and in theory)
>> should be used for continuous distributions. But in our case we can
>> easily say that we observe our distribution in integers only (rounding),
>> and the whole rest is easily estimated.
>
> Thanks a lot!
>
> To the list:
>
> phk@ asked me privately to check if there is no correlation between
> consecutive device_attach() calls during single boot.
>
> For example each device_attach() separately can yield great entropy in
> every test, but all those calls combined might be somehow related, i.e.
> during one boot all calls take a bit longer and in another boot all
> calls take a bit less, which could decrease total entropy we should
> estimate out of it.
>
> I created a dummy driver which was registering three dummy drivers, so it
> was provoking three device_attach() calls on every kldload. Mariusz
> verified the observations and there was no correlation between the
> times.

Sorry to those that are bored, but ... what was the methodology?

> I believe everyone is bored at this point, so I'd like to propose a way
> forward:
>
> I'll perform one more test with CPU clock speed reduced as much as it
> can be and see if rejecting 7 top bits is still fine. If it is, I'd like
> to commit my patch. I was wondering if I should hide it under
> #ifdef __amd64__, but the only risk in having it on all platforms is
> eventually overestimating available entropy, which is bad, but I
> think better than not providing any entropy with this method. On the other
> hand having it on one or two platforms only would maybe motivate people
> to verify it on other platforms.
>
> --
> Pawel Jakub Dawidek                       http://www.wheelsystems.com
> FreeBSD committer                         http://www.FreeBSD.org
> Am I Evil? Yes, I Am!                     http://tupytaj.pl
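
The concern quoted above (each device_attach() timing looks fine on its own, but all calls in one boot move together) can be quantified as the mutual information between consecutive calls. The following is an added example, not part of the original message and not the methodology used in the thread, which the message does not describe; the simulated timings, the 0..7 jitter, the seed and all function names are constructed assumptions.

```python
import math
import random
from collections import Counter

BITS = 6                  # samples are integers 0..63, as in the thread
MOD = 1 << BITS

def entropy(samples):
    """Plug-in Shannon entropy estimate, in bits per sample."""
    n = len(samples)
    return -sum(c / n * math.log2(c / n) for c in Counter(samples).values())

def mutual_information(xs, ys):
    """I(X;Y) = H(X) + H(Y) - H(X,Y); close to 0 when the calls are unrelated."""
    return entropy(xs) + entropy(ys) - entropy(list(zip(xs, ys)))

def simulate_boots(n_boots, shared_offset, seed):
    """Constructed data: two consecutive attach timings per boot.

    With shared_offset=True both calls in a boot share one random per-boot
    offset plus small independent jitter (0..7), modelling "in one boot all
    calls take a bit longer". Otherwise the two calls are independent.
    """
    rng = random.Random(seed)
    first, second = [], []
    for _ in range(n_boots):
        if shared_offset:
            boot = rng.randrange(MOD)
            first.append((boot + rng.randrange(8)) % MOD)
            second.append((boot + rng.randrange(8)) % MOD)
        else:
            first.append(rng.randrange(MOD))
            second.append(rng.randrange(MOD))
    return first, second

def report(n_boots=50000, seed=2012):
    """Per-call entropy, joint entropy and mutual information for both models."""
    out = {}
    for name, shared in (("independent", False), ("shared_offset", True)):
        a, b = simulate_boots(n_boots, shared, seed)
        out[name] = {"per_call": entropy(a),
                     "joint": entropy(list(zip(a, b))),
                     "mutual_info": mutual_information(a, b)}
    return out

if __name__ == "__main__":
    for name, r in report().items():
        print(f"{name:14s} per-call {r['per_call']:.2f}  "
              f"joint {r['joint']:.2f}  MI {r['mutual_info']:.2f} bits")
```

In the shared-offset model every call still measures close to 6 bits on its own, yet the pair is worth well under 12 bits, which is the overestimate a per-call test alone would not reveal.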