Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 08 Feb 2002 10:11:37 -0800
From:      Terry Lambert <tlambert2@mindspring.com>
To:        Lars Eggert <larse@ISI.EDU>
Cc:        hackers@freebsd.org
Subject:   Re: which irqs are generally good for rndcontrol?
Message-ID:  <3C6414D9.781B3676@mindspring.com>
References:  <3C641095.50801@isi.edu>
next in thread | previous in thread | raw e-mail | index | archive | help 
Lars Eggert wrote:
> quick question: Are there any irqs that are generally a good source of
> entropy, for use with rndcontrol? I need a single setting that works
> well on a number of different machines (for our default configuration).
> Are there any drawbacks to specifying many irqs here (in the hope that
> some have good entropy on some machines, and others on other)?

Everywhere I've ever worked, they've picked IRQs that
were right in the performance path, so it screws up
your performance.

They've also picked IRQs that can't really provide any
"entropy" until after the system is up, and the weenie
thing hangs in the salting while it's "harvesting
entropy".

This was true, even when the system had perfectly good
crypto hardware that could be used to generate random
numbers without relying on the "entropy" stuff (the
"entropy" stuff is pretty much done with no respect for
large number theory; multiplying two random numbers
together makes them *less* random, not *more*).

My preference is for pre-baked "entropy" from the
entropy store: jam the old state back in after each boot,
and start life with something like a hashed copy of the
install time, the install kernel, the /etc/ttys file, or
whatever.  As long as you save it and restore it each
time and futz in the boot time in case it didn't save
on the last panic, I think it's fine.


For those who will inevitably jump in and claim "It's
not random!  The sky is falling!"... prove it by writing
an exploit, K PLZ THX.

8-).

-- Terry

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3C6414D9.781B3676>