From: Ben Laurie
To: Steve Kargl
Cc: freebsd-arch@freebsd.org
Date: Mon, 20 Aug 2012 23:05:39 +0100
Subject: Re: /dev/random

On Mon, Aug 20, 2012 at 11:02 PM, Steve Kargl wrote:
> On Mon, Aug 20, 2012 at 07:49:16PM +0100, Ben Laurie wrote:
>> Apparently /dev/random uses h/w PRNGs if available, discarding all
>> other sources of randomness.
>>
>> This seems like a mistake to me - we should fix it.
>>
>> Also, it seems that entropy is available in detailed interrupt timing
>> (see http://www.issihosts.com/haveged/) which might be useful on
>> entropy-starved systems - I suspect we are not exploiting this source,
>> and in light of recent developments, we probably should be,
>>
>> Comments?
>
> Well, it's hard to comment when you failed to explain
> *why* you think it is a mistake.

Sorry - because I do not think it is wise to trust the h/w prng so
much we discard other entropy.

> In addition, I'm having
> a hard time parsing your 1st sentence, which appears to
> be related to this sentence:
>
>   The device will probe for certain hardware entropy sources,
>   and use these in preference to the fallback, which is a
>   generator implemented in software.
>
> from 'man 4 random'. Your 'all other sources of randomness'
> would then need to be amended to 'all other sources of entropy'.
> But, then 'all other sources' does not make sense, because only
> the 'generator implemented in software' is discarded.

That is everything except the hardware, right? So ... all other sources.

> It is also unclear why a linux-only project for gathering entropy
> is relevant here given that FreeBSD already has the ability to
> use both hardware and software interrupts as sources of entropy.

It is relevant because it seems there is entropy available in
fine-grained timing.