Date: Tue, 25 Sep 2012 22:39:06 +0100
From: RW
To: freebsd-security@freebsd.org
Subject: Re: Collecting entropy from device_attach() times.
Message-ID: <20120925223906.32f6597b@gumby.homeunix.com>

On Tue, 25 Sep 2012 11:36:31 +0200
Mariusz Gromada wrote:

> Here we did some initial testing, mainly based on charts, which showed
> typical noise in time. But again, it requires a formal proof.

When you say formal proof, let's be clear that you aren't actually proving anything about entropy. Entropy and randomness are two completely different concepts. Good randomness is not a requirement of an entropy source, and doesn't imply anything at all about entropy.

What's actually happening here is that observations are being made on randomness and then translated into entropy based on the assumption that an attacker can never gain any advantage over treating the timings as the product of a black box.
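
Added example, not part of the original message or of any FreeBSD code: a small Python comparison of a black-box statistical estimate against what an attacker with a model of the source can predict. Both sources, the seed value and all function names are constructed for illustration.

```python
# Added illustration; all names and sample data are constructed for this example.
import hashlib
import math
import secrets
from collections import Counter


def shannon_bits_per_byte(data: bytes) -> float:
    """Plug-in Shannon estimate from byte frequencies (the black-box view)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def deterministic_source(n: int, seed: bytes = b"constructed-boot-state") -> bytes:
    """Looks like noise, but is a pure function of state the attacker can know."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def biased_secret_source(n: int) -> bytes:
    """Statistically poor: a fixed pattern with one unpredictable low bit per sample."""
    return bytes(0xA0 | secrets.randbits(1) for _ in range(n))


def attacker_hit_rate(observed: bytes, predicted: bytes) -> float:
    """Fraction of samples an attacker's model predicts exactly."""
    return sum(o == p for o, p in zip(observed, predicted)) / len(observed)


def compare(n: int = 65536) -> dict:
    det = deterministic_source(n)
    sec = biased_secret_source(n)
    return {
        # Attacker knows the algorithm and seed, so simply replays it.
        "det_estimate": shannon_bits_per_byte(det),
        "det_hit_rate": attacker_hit_rate(det, deterministic_source(n)),
        # Attacker knows the fixed pattern but must guess the low bit.
        "sec_estimate": shannon_bits_per_byte(sec),
        "sec_hit_rate": attacker_hit_rate(sec, bytes([0xA0]) * n),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value:.4f}")
```

The first source scores close to 8 bits per byte on the frequency estimate yet is fully predictable to anyone who can reproduce its state; the second scores about 1 bit per byte and still leaves the attacker guessing that bit.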