From owner-freebsd-security@FreeBSD.ORG Tue Sep 25 16:37:11 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id AFC80106566B; Tue, 25 Sep 2012 16:37:11 +0000 (UTC) (envelope-from pawel@dawidek.net) Received: from mail.dawidek.net (garage.dawidek.net [91.121.88.72]) by mx1.freebsd.org (Postfix) with ESMTP id 6C20C8FC14; Tue, 25 Sep 2012 16:37:10 +0000 (UTC) Received: from localhost (89-73-195-149.dynamic.chello.pl [89.73.195.149]) by mail.dawidek.net (Postfix) with ESMTPSA id 14F4D592; Tue, 25 Sep 2012 18:36:11 +0200 (CEST) Date: Tue, 25 Sep 2012 18:37:35 +0200 From: Pawel Jakub Dawidek To: Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= Message-ID: <20120925163735.GC1391@garage.freebsd.pl> References: <201209200758.51924.jhb@freebsd.org> <20120922080323.GA1454@garage.freebsd.pl> <20120922195325.GH1454@garage.freebsd.pl> <505E59DC.7090505@gmail.com> <20120923151706.GN1454@garage.freebsd.pl> <5060D723.6020305@gmail.com> <86r4pqqwnm.fsf@ds4.des.no> <20120925102240.GC1571@garage.freebsd.pl> <86mx0eqsgy.fsf@ds4.des.no> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="dkEUBIird37B8yKS" Content-Disposition: inline In-Reply-To: <86mx0eqsgy.fsf@ds4.des.no> X-OS: FreeBSD 10.0-CURRENT amd64 User-Agent: Mutt/1.5.21 (2010-09-15) Cc: Jonathan Anderson , John Baldwin , Ben Laurie , freebsd-security@freebsd.org, RW , Mariusz Gromada Subject: Re: Collecting entropy from device_attach() times. X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Sep 2012 16:37:11 -0000 --dkEUBIird37B8yKS Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Sep 25, 2012 at 12:58:37PM +0200, Dag-Erling Sm=F8rgrav wrote: > Pawel Jakub Dawidek writes: > > Note that this fake data is the hardest to gather entropy from, as it > > doesn't interact with any external hardware. I'm all for testing it on > > real hardware and I expect to be able to gather even more entropy from > > it (so discarding less than top 7 bits). The problem with making > > observations during boot takes much, much longer, so it will limit the > > number os samples significantly, and as you know the more samples the > > better. >=20 > I have a handful of SFF machines which support PXE. I can easily set up > an NFS root where /etc/rc just remounts / rw, dumps the data and > reboots. With a sub-minute cycle time, I can get a couple of hundred > thousand samples per machine over the weekend. That would be great. > (I don't even need PXE - they'll probably boot faster from USB sticks or > disks) And probably more reliable. My netbooted test machines occasionally don't boot and you don't want to find out in the morning that the whole process stopped at 1AM:) --=20 Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://tupytaj.pl --dkEUBIird37B8yKS Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlBh3c4ACgkQForvXbEpPzTVKwCdFCECxe+wfQ4ivsJYT3miQWMy 7s4An3OzP2iWNAgD8Nc29k9qjyHqsaaS =/OCR -----END PGP SIGNATURE----- --dkEUBIird37B8yKS--