Date:      Wed, 3 Oct 2012 14:51:07 +0100
From:      RW <rwmaillists@googlemail.com>
To:        Dag-Erling Smørgrav <des@des.no>
Cc:        Anderson <jonathan.anderson@cl.cam.ac.uk>, Ben, John Baldwin <jhb@freebsd.org>, Laurie <benl@freebsd.org>, freebsd-security@freebsd.org, Mariusz Gromada <mariusz.gromada@gmail.com>, Pawel Jakub Dawidek <pjd@freebsd.org>, Jonathan@FreeBSD.ORG
Subject:   Re: Collecting entropy from device_attach() times.
Message-ID:  <20121003145107.264e3174@gumby.homeunix.com>
In-Reply-To: <86txub93zo.fsf@ds4.des.no>
References:  <20120918211422.GA1400@garage.freebsd.pl> <20120919231051.4bc5335b@gumby.homeunix.com> <20120920102104.GA1397@garage.freebsd.pl> <201209200758.51924.jhb@freebsd.org> <20120922080323.GA1454@garage.freebsd.pl> <20120922195325.GH1454@garage.freebsd.pl> <505E59DC.7090505@gmail.com> <20120923151706.GN1454@garage.freebsd.pl> <5060D723.6020305@gmail.com> <CAG5KPzxf0Rfufk5K6Jt4e85xc7zXY_B3a2Sq0Uf_uVLHbV-baw@mail.gmail.com> <86r4pqqwnm.fsf@ds4.des.no> <86ipat6n0o.fsf@ds4.des.no> <86y5joiyan.fsf@ds4.des.no> <20121003011607.5553fe48@gumby.homeunix.com> <86txub93zo.fsf@ds4.des.no>

On Wed, 03 Oct 2012 13:42:03 +0200
Dag-Erling Smørgrav wrote:

> RW <rwmaillists@googlemail.com> writes:
> > As I pointed out before, if you use binuptime() you can't use entropy
> > estimation based on bit-shifting time differences.
>
> Forgot to answer this: yes you can.  The last time I raised the
> issue, I also provided sample code for reimplementing
> get_cyclecount() in terms of binuptime().  Basically, you discard the
> top N bits of the integer portion and the bottom 64 - N bits of the
> fractional portion, and you're left with a monotonically increasing
> 64-bit value that will wrap around at a point that depends on N.
>

Yes, getting a monotonically increasing value from binuptime() is
simple, but the xor issue is secondary to the problem I was referring
to when I quoted the arm code for get_cyclecount().

When the time difference comes from the TSC, Pawel's code computes an
amount of entropy that scales reasonably well with TSC frequency. When
you use binuptime() you've thrown away all counter frequency
information. The entropy calculation will produce a completely
bogus figure.
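
The two points in this exchange, as an added example that is not code from the thread or from FreeBSD: the quoted construction (drop the top N bits of the seconds and the bottom 64 - N bits of the fraction) next to a shift-based estimate of a time difference. The bit-length estimator is an assumption standing in for the one under discussion; struct bt, the function names and the 1 ms gap are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Userland stand-in for struct bintime: whole seconds plus a 64-bit binary fraction. */
struct bt { uint64_t sec, frac; };

/* Convert a counter reading taken at freq Hz to a bintime, scaling ticks by ~2^64/freq. */
static struct bt ticks_to_bt(uint64_t ticks, uint64_t freq)
{
    uint64_t scale = (((uint64_t)1 << 63) / freq) * 2;
    struct bt b = { ticks / freq, (ticks % freq) * scale };
    return b;
}

/* Quoted construction: drop the top n bits of sec and the bottom 64-n bits of frac (0 < n < 64). */
static uint64_t bt_to_count(struct bt b, unsigned n)
{
    return (b.sec << n) | (b.frac >> (64 - n));
}

/* Assumed estimator: bit length of the time difference, found by shifting. */
static unsigned delta_bits(uint64_t d)
{
    unsigned bits = 0;
    for (; d != 0; d >>= 1)
        bits++;
    return bits;
}

/* Estimate for a constructed 1 ms gap, read straight from the counter. */
unsigned est_raw(uint64_t freq)
{
    uint64_t t0 = 5 * freq + freq / 3, t1 = t0 + freq / 1000;
    return delta_bits(t1 - t0);
}

/* The same 1 ms gap, measured through the bintime-derived 64-bit value. */
unsigned est_bt(uint64_t freq, unsigned n)
{
    uint64_t t0 = 5 * freq + freq / 3, t1 = t0 + freq / 1000;
    return delta_bits(bt_to_count(ticks_to_bt(t1, freq), n) -
                      bt_to_count(ticks_to_bt(t0, freq), n));
}

int main(void)
{
    printf("raw: 1MHz=%u 1GHz=%u\n", est_raw(1000000), est_raw(1000000000));
    printf("bt:  1MHz=%u 1GHz=%u (n=32)\n", est_bt(1000000, 32), est_bt(1000000000, 32));
    return 0;
}
```

For the same 1 ms gap the raw estimate moves from 10 to 20 bits between a 1 MHz and a 1 GHz counter, while the bintime-derived estimate is 23 bits at both frequencies for n = 32 and changes only with n.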




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20121003145107.264e3174>