From owner-freebsd-security@FreeBSD.ORG Tue Sep 25 10:22:18 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 65781106566B; Tue, 25 Sep 2012 10:22:18 +0000 (UTC) (envelope-from pawel@dawidek.net) Received: from mail.dawidek.net (garage.dawidek.net [91.121.88.72]) by mx1.freebsd.org (Postfix) with ESMTP id 20D138FC14; Tue, 25 Sep 2012 10:22:17 +0000 (UTC) Received: from localhost (58.wheelsystems.com [83.12.187.58]) by mail.dawidek.net (Postfix) with ESMTPSA id 727094A1; Tue, 25 Sep 2012 12:21:17 +0200 (CEST) Date: Tue, 25 Sep 2012 12:22:41 +0200 From: Pawel Jakub Dawidek To: Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= Message-ID: <20120925102240.GC1571@garage.freebsd.pl> References: <20120919231051.4bc5335b@gumby.homeunix.com> <20120920102104.GA1397@garage.freebsd.pl> <201209200758.51924.jhb@freebsd.org> <20120922080323.GA1454@garage.freebsd.pl> <20120922195325.GH1454@garage.freebsd.pl> <505E59DC.7090505@gmail.com> <20120923151706.GN1454@garage.freebsd.pl> <5060D723.6020305@gmail.com> <86r4pqqwnm.fsf@ds4.des.no> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="wxDdMuZNg1r63Hyj" Content-Disposition: inline In-Reply-To: <86r4pqqwnm.fsf@ds4.des.no> X-OS: FreeBSD 10.0-CURRENT amd64 User-Agent: Mutt/1.5.21 (2010-09-15) Cc: Jonathan Anderson , John Baldwin , Ben Laurie , freebsd-security@freebsd.org, RW , Mariusz Gromada Subject: Re: Collecting entropy from device_attach() times. X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Sep 2012 10:22:18 -0000 --wxDdMuZNg1r63Hyj Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Sep 25, 2012 at 11:28:13AM +0200, Dag-Erling Sm=F8rgrav wrote: > Ben Laurie writes: > > Not that I dislike Pawel's approach, it seems promising, I'm just > > pointing out the weakness of the analysis. >=20 > It is also based on fake data. >=20 > If you give me a couple of days, I'll try to come up with a patch that > collects and stores attach times during boot so we can gather and > analyse real data. Note that this fake data is the hardest to gather entropy from, as it doesn't interact with any external hardware. I'm all for testing it on real hardware and I expect to be able to gather even more entropy from it (so discarding less than top 7 bits). The problem with making observations during boot takes much, much longer, so it will limit the number os samples significantly, and as you know the more samples the better. --=20 Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://tupytaj.pl --wxDdMuZNg1r63Hyj Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlBhhfAACgkQForvXbEpPzTp5QCg0TCtOdPOdULwouNp3PWSM3E6 sNEAn3AaLO5ldhGhz4DFe1Gay7WB7TUE =5q0B -----END PGP SIGNATURE----- --wxDdMuZNg1r63Hyj--