Date: Wed, 3 Oct 2012 14:51:07 +0100
From: RW
To: Dag-Erling Smørgrav
Cc: Anderson, Ben, John Baldwin, Laurie, freebsd-security@freebsd.org, Mariusz Gromada, Pawel Jakub Dawidek, Jonathan@FreeBSD.ORG
Subject: Re: Collecting entropy from device_attach() times.
Message-ID: <20121003145107.264e3174@gumby.homeunix.com>
In-Reply-To: <86txub93zo.fsf@ds4.des.no>

On Wed, 03 Oct 2012 13:42:03 +0200
Dag-Erling Smørgrav wrote:

> RW writes:
> > As I pointed out before, if you use binuptime() you can't use entropy
> > estimation based on bit-shifting time differences.
>
> Forgot to answer this: yes you can.  The last time I raised the
> issue, I also provided sample code for reimplementing
> get_cyclecount() in terms of binuptime().  Basically, you discard the
> top N bits of the integer portion and the bottom 64 - N bits of the
> fractional portion, and you're left with a monotonically increasing
> 64-bit value that will wrap around at a point that depends on N.
>

Yes, getting a monotonically increasing value from binuptime() is
simple, but the xor issue is secondary to the problem I was referring
to when I quoted the arm code for get_cyclecount().

When the time difference comes from the TSC, Pawel's code computes an
amount of entropy that scales reasonably well with TSC frequency. When
you use binuptime() you've thrown away all counter frequency
information. The entropy calculation will produce a completely bogus
figure.
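
Added example, not part of the original message and not the code posted by anyone in this thread: a C sketch of the frequency-scaling point made above. It assumes a simplified estimator that credits one bit per significant bit of the time delta and a constructed model of a timecounter; every function name here is hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Same idea as FreeBSD's struct bintime: seconds plus a 64-bit binary fraction. */
struct bt { uint64_t sec, frac; };

/* Constructed model of a timecounter read: raw ticks at freq Hz -> bintime. */
static struct bt ticks_to_bt(uint64_t ticks, uint64_t freq)
{
    struct bt b = { ticks / freq, (ticks % freq) * (UINT64_MAX / freq) };
    return b;
}

/* Quoted construction: drop the top n bits of sec and the bottom
 * 64 - n bits of frac (requires 0 < n < 64). */
static uint64_t bt_to_count(struct bt b, unsigned n)
{
    return (b.sec << n) | (b.frac >> (64 - n));
}

/* Hypothetical estimator (assumption): one bit per significant bit of delta. */
static unsigned est_bits(uint64_t delta)
{
    unsigned bits = 0;
    for (; delta != 0; delta >>= 1)
        bits++;
    return bits;
}

/* Estimate for two events dt_us apart, timed with the raw counter. */
static unsigned raw_estimate(uint64_t freq, uint64_t dt_us)
{
    return est_bits(freq * dt_us / 1000000);
}

/* Same two events (first one at t = 5 s), timed via the bintime-derived value. */
static unsigned bt_estimate(uint64_t freq, uint64_t dt_us, unsigned n)
{
    uint64_t t0 = 5 * freq, t1 = t0 + freq * dt_us / 1000000;
    return est_bits(bt_to_count(ticks_to_bt(t1, freq), n) -
                    bt_to_count(ticks_to_bt(t0, freq), n));
}

int main(void)
{
    uint64_t freqs[] = { 1000, 1000000, 1000000000 };  /* constructed sample counters */
    for (int i = 0; i < 3; i++)
        printf("%10llu Hz: raw %2u bits, bintime-derived %2u bits\n",
               (unsigned long long)freqs[i], raw_estimate(freqs[i], 1000),
               bt_estimate(freqs[i], 1000, 32));
    return 0;
}
```

For a 1 ms interval the raw-counter figure grows with counter frequency, while the bintime-derived figure is the same for every counter, including the 1 kHz one that advanced by a single tick.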