From owner-freebsd-security@FreeBSD.ORG  Wed Oct  3 11:42:09 2012
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 0F002106566B;
	Wed,  3 Oct 2012 11:42:09 +0000 (UTC) (envelope-from des@des.no)
Received: from smtp.des.no (smtp.des.no [194.63.250.102])
	by mx1.freebsd.org (Postfix) with ESMTP id B86488FC08;
	Wed,  3 Oct 2012 11:42:05 +0000 (UTC)
Received: from ds4.des.no (smtp.des.no [194.63.250.102])
	by smtp.des.no (Postfix) with ESMTP id C3CD16E82;
	Wed,  3 Oct 2012 13:42:04 +0200 (CEST)
Received: by ds4.des.no (Postfix, from userid 1001)
	id 76C8D8140; Wed,  3 Oct 2012 13:42:04 +0200 (CEST)
From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
To: RW <rwmaillists@googlemail.com>
References: <20120918211422.GA1400@garage.freebsd.pl>
	<20120919231051.4bc5335b@gumby.homeunix.com>
	<20120920102104.GA1397@garage.freebsd.pl>
	<201209200758.51924.jhb@freebsd.org>
	<20120922080323.GA1454@garage.freebsd.pl>
	<20120922195325.GH1454@garage.freebsd.pl> <505E59DC.7090505@gmail.com>
	<20120923151706.GN1454@garage.freebsd.pl> <5060D723.6020305@gmail.com>
	<CAG5KPzxf0Rfufk5K6Jt4e85xc7zXY_B3a2Sq0Uf_uVLHbV-baw@mail.gmail.com>
	<86r4pqqwnm.fsf@ds4.des.no> <86ipat6n0o.fsf@ds4.des.no>
	<86y5joiyan.fsf@ds4.des.no>
	<20121003011607.5553fe48@gumby.homeunix.com>
Date: Wed, 03 Oct 2012 13:42:03 +0200
In-Reply-To: <20121003011607.5553fe48@gumby.homeunix.com> (RW's message of
	"Wed, 3 Oct 2012 01:16:07 +0100")
Message-ID: <86txub93zo.fsf@ds4.des.no>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Cc: Anderson <jonathan.anderson@cl.cam.ac.uk>,
	Pawel Jakub Dawidek <pjd@freebsd.org>,
	John Baldwin <jhb@freebsd.org>, Ben Laurie <benl@freebsd.org>,
	freebsd-security@freebsd.org, Mariusz Gromada <mariusz.gromada@gmail.com>,
	Jonathan@FreeBSD.ORG
Subject: Re: Collecting entropy from device_attach() times.
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Oct 2012 11:42:09 -0000

RW <rwmaillists@googlemail.com> writes:
> As I pointed-out before if you use binuptime() you cant use entropy
> estimation based on bit-shifting time differences.

Forgot to answer this: yes you can.  The last time I raised the issue, I
also provided sample code for reimplementing get_cyclecount() in terms
of binuptime().  Basically, you discard the top N bits of the integer
portion and the bottom 64 - N bits of the fractional portion, and you're
left with a monotonically increasing 64-bit value that will wrap around
at a point that depends on N.

BTW, get_cyclecount() is documented to work the way I suggest that it
should, not the way it actually does.  Also, the man page is incomplete.
For instance, it suggests, but does not state outright, that the value
may wrap around.  It also states categorically that TSCs are per-CPU in
SMP systems, whereas in fact all modern amd64 systems (and many P4-era
systems, contingent on motherboard support) have synchronized TSCs.

DES
--=20
Dag-Erling Sm=C3=B8rgrav - des@des.no