From owner-freebsd-security Mon Sep 4 5:44:41 2000
Delivered-To: freebsd-security@freebsd.org
Received: from eastwood.aldigital.algroup.co.uk (eastwood.aldigital.algroup.co.uk [194.128.162.193])
    by hub.freebsd.org (Postfix) with ESMTP id B315E37B424; Mon, 4 Sep 2000 05:44:37 -0700 (PDT)
Received: from algroup.co.uk ([193.195.56.225])
    by eastwood.aldigital.algroup.co.uk (8.8.8/8.6.12) with ESMTP id MAA03727; Mon, 4 Sep 2000 12:44:28 GMT
Message-ID: <39B3992B.7B823DEE@algroup.co.uk>
Date: Mon, 04 Sep 2000 13:44:28 +0100
From: Adam Laurie
Organization: A.L. Group plc
X-Mailer: Mozilla 4.72 [en] (Win95; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Kris Kennaway
Cc: James Wyatt , Garrett Wollman , Adam Back , security@FreeBSD.org
Subject: Re: yarrow & /dev/random
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Kris Kennaway wrote:
>
> On Sun, 27 Aug 2000, James Wyatt wrote:
>
> > On servers with no regular keyboard or mouse use, there is usually enough
> > entropy in the disk and network IO to serve the purpose. Small servers
> > with low net and disk entropy often get used as consoles for busier
> > servers. Your mileage may vary, of course. What other sources of entropy
> > might one consider? Maybe an AM radio tuned to static hooked into
> > /dev/audio to get random samples? - Jy@
>
> My observations suggest that a sound card tuned to maximum input gain with
> no microphone input (i.e. sampling noise in the card) is a very good
> source of randomness, with at least 6 bits of entropy per 16 bit sample
> for most cards, which can be sampled at 44Khz (i.e. about 32 kilobytes of
> randomness per second, far in excess of what Yarrow needs).
>
> More than enough for even heavy server needs.

This is only safe to do if you can guarantee that your sound card is
protected from outside influence - e.g. radio transmissions putting
known noise into your data. TEMPEST shielding would be a good start.

cheers,
Adam
--
Adam Laurie                   Tel: +44 (20) 8742 0755
A.L. Digital Ltd.             Fax: +44 (20) 8742 5995
Voysey House                  http://www.thebunker.net
Barley Mow Passage            http://www.aldigital.co.uk
London W4 4GB                 mailto:adam@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers
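Added example (not part of the original message, and not FreeBSD or Yarrow code): a small Python model of the caveat raised in the reply above, showing that an entropy figure computed from the samples alone does not drop when most of the signal is known to an outside party. It assumes the idealised worst case in which the interfering waveform is known exactly; `known_interference`, `capture`, the seed and the 2 bits of genuine card noise are constructed for illustration.

```python
import math
import random
import secrets
from collections import Counter

N = 50_000  # number of simulated 16-bit samples


def shannon_bits(values):
    """Empirical Shannon entropy of a sequence, in bits per symbol."""
    n = len(values)
    counts = Counter(values)
    return abs(sum(c / n * math.log2(c / n) for c in counts.values()))


def known_interference(seed, n):
    """Constructed stand-in for a transmitted waveform its sender can reproduce."""
    rng = random.Random(seed)
    return [rng.randrange(1 << 16) for _ in range(n)]


def capture(interference, own_noise_bits):
    """Simulated ADC output: interference plus the card's own unpredictable noise."""
    return [(x + secrets.randbits(own_noise_bits)) & 0xFFFF for x in interference]


def naive_estimate(samples, k=6):
    """Entropy of the low k bits, judged from the samples alone."""
    return shannon_bits([s & ((1 << k) - 1) for s in samples])


def residual_estimate(samples, interference):
    """Entropy left for someone who knows the interference and subtracts it."""
    return shannon_bits([(s - x) & 0xFFFF for s, x in zip(samples, interference)])


def demo(seed=2000, own_noise_bits=2):
    """Return (naive, residual) entropy estimates in bits per sample."""
    wave = known_interference(seed, N)
    samples = capture(wave, own_noise_bits)
    return naive_estimate(samples), residual_estimate(samples, wave)


if __name__ == "__main__":
    naive, residual = demo()
    print(f"estimated from samples alone: {naive:.2f} bits/sample")
    print(f"after removing known signal:  {residual:.2f} bits/sample")
```

Only the residual figure reflects what is unpredictable to someone who knows the injected signal, so a per-sample estimate holds only while the input is free of such a signal.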