Date: Wed, 3 Oct 2012 01:16:07 +0100 From: RW <rwmaillists@googlemail.com> To: Dag-Erling =?ISO-8859-1?Q?Sm=F8rgrav?= <des@des.no> Cc: Anderson <jonathan.anderson@cl.cam.ac.uk>, Pawel Jakub Dawidek <pjd@freebsd.org>, John Baldwin <jhb@freebsd.org>, Ben Laurie <benl@freebsd.org>, freebsd-security@freebsd.org, Mariusz Gromada <mariusz.gromada@gmail.com>, Jonathan Subject: Re: Collecting entropy from device_attach() times. Message-ID: <20121003011607.5553fe48@gumby.homeunix.com> In-Reply-To: <86y5joiyan.fsf@ds4.des.no> References: <20120918211422.GA1400@garage.freebsd.pl> <20120919231051.4bc5335b@gumby.homeunix.com> <20120920102104.GA1397@garage.freebsd.pl> <201209200758.51924.jhb@freebsd.org> <20120922080323.GA1454@garage.freebsd.pl> <20120922195325.GH1454@garage.freebsd.pl> <505E59DC.7090505@gmail.com> <20120923151706.GN1454@garage.freebsd.pl> <5060D723.6020305@gmail.com> <CAG5KPzxf0Rfufk5K6Jt4e85xc7zXY_B3a2Sq0Uf_uVLHbV-baw@mail.gmail.com> <86r4pqqwnm.fsf@ds4.des.no> <86ipat6n0o.fsf@ds4.des.no> <86y5joiyan.fsf@ds4.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 02 Oct 2012 19:22:40 +0200 Dag-Erling Sm=F8rgrav wrote: > 2) I modified the program to create a histogram of the lower bits and > looked at that in gnuplot. It was immediately obvious that the > distribution is extremely non-uniform. I suspect that this is - at > least in part - due to the weird way get_cyclecount() computes the > value it returns. =20 It doesn't compute it in a weird way for amd64 and most i386 systems. Where possible, get_cyclecount is just a wrapper for rdtsc, which I think it will be for all the systems you quoted (with the possible exception of virtualbox). I don't think one should necessarily expect the bits to get progressively more random going from high to low order. If you think in terms of simple variable analogue delays it seems reasonable, but a physical device may have its own internal timing granulation.=20 > We should either rewrite it to return something > sensible or nuke it and use binuptime() instead. As I pointed-out before if you use binuptime() you cant use entropy estimation based on bit-shifting time differences.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20121003011607.5553fe48>