Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 25 Sep 2012 22:39:06 +0100
From:      RW <rwmaillists@googlemail.com>
To:        freebsd-security@freebsd.org
Subject:   Re: Collecting entropy from device_attach() times.
Message-ID:  <20120925223906.32f6597b@gumby.homeunix.com>
In-Reply-To: <CANsh1da6ti9_97bhtOwjC4B8GW3Bn%2B==d67GDsJqBV4oTZgh1Q@mail.gmail.com>
References:  <20120918211422.GA1400@garage.freebsd.pl> <20120919231051.4bc5335b@gumby.homeunix.com> <20120920102104.GA1397@garage.freebsd.pl> <201209200758.51924.jhb@freebsd.org> <20120922080323.GA1454@garage.freebsd.pl> <20120922195325.GH1454@garage.freebsd.pl> <505E59DC.7090505@gmail.com> <20120923151706.GN1454@garage.freebsd.pl> <5060D723.6020305@gmail.com> <CAG5KPzxf0Rfufk5K6Jt4e85xc7zXY_B3a2Sq0Uf_uVLHbV-baw@mail.gmail.com> <CANsh1da59oRAB%2B1OsdoHXKe-ushoy16g2=rfXg_2-MjUevGCqA@mail.gmail.com> <CANsh1da6ti9_97bhtOwjC4B8GW3Bn%2B==d67GDsJqBV4oTZgh1Q@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 25 Sep 2012 11:36:31 +0200
Mariusz Gromada wrote:


> Here we did some initial testing, mainly based on charts, which showed
> typical noise in time. But again, it requires a formal proof.

When you say formal proof lets be clear that you aren't actually
proving anything about entropy.

Entropy and randomness are two completely different concepts.
Good randomness is not a requirement of an entropy source, and
doesn't imply anything at all about entropy.

What's actually happening here is that that observations are being
made on randomness and then translated into entropy based on the
assumption that an attacker can never gain any advantage over treating
the timings as the product of a black box.    




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120925223906.32f6597b>