Date: Tue, 25 Sep 2012 11:29:39 +0200 From: Mariusz Gromada <mariusz.gromada@gmail.com> To: Ben Laurie <benl@freebsd.org> Cc: freebsd-security@freebsd.org, RW <rwmaillists@googlemail.com>, Jonathan Anderson <jonathan.anderson@cl.cam.ac.uk>, Pawel Jakub Dawidek <pjd@freebsd.org>, John Baldwin <jhb@freebsd.org> Subject: Re: Collecting entropy from device_attach() times. Message-ID: <CANsh1da59oRAB%2B1OsdoHXKe-ushoy16g2=rfXg_2-MjUevGCqA@mail.gmail.com> In-Reply-To: <CAG5KPzxf0Rfufk5K6Jt4e85xc7zXY_B3a2Sq0Uf_uVLHbV-baw@mail.gmail.com> References: <20120918211422.GA1400@garage.freebsd.pl> <20120919231051.4bc5335b@gumby.homeunix.com> <20120920102104.GA1397@garage.freebsd.pl> <201209200758.51924.jhb@freebsd.org> <20120922080323.GA1454@garage.freebsd.pl> <20120922195325.GH1454@garage.freebsd.pl> <505E59DC.7090505@gmail.com> <20120923151706.GN1454@garage.freebsd.pl> <5060D723.6020305@gmail.com> <CAG5KPzxf0Rfufk5K6Jt4e85xc7zXY_B3a2Sq0Uf_uVLHbV-baw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > > You cannot conclude that - no test can tell you it, but this test > rather obviously does not, since what it tests is the equality of > probability distributions, so what you can now say is that the > distribution is square. A completely predictable sequence, say 0..63, > would satisfy that. > > Yes, I agree. That is way I proposed to Pawel analysis from the area of stochastic processes. > Empirically, it seems to me that these numbers are actually unlikely > to be correlated with each other, but that has not been tested. > Another yes, you are right. We need much more data to check if we have a stochastic process consisted of independent random variables. > > Also untested is correlation between the numbers from different > devices on the same run - if they were strongly correlated, for > example, that would be bad. > I have proposed that also, but it requires checking different architectures. I even offered my raspberry pi :-), but unfortunately FreeBSD does not want to work on it :-( > > Not that I dislike Pawel's approach, it seems promising, I'm just > pointing out the weakness of the analysis. > Again, thanks for pointing the weakness of the analysis, you are completely right about everything. I have been thinking about all of these issues, but unfortunately forgot to write it down as a constraints of the analysis. Regards, Mariusz
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CANsh1da59oRAB%2B1OsdoHXKe-ushoy16g2=rfXg_2-MjUevGCqA>