Date: Mon, 17 Jul 2000 09:19:25 -0400 From: "Louis A. Mamakos" <louie@TransSys.COM> To: Mark Murray <mark@grondar.za> Cc: Poul-Henning Kamp <phk@critter.freebsd.dk>, "Andrey A. Chernov" <ache@FreeBSD.ORG>, current@FreeBSD.ORG Subject: Re: randomdev entropy gathering is really weak Message-ID: <200007171319.JAA04774@whizzo.transsys.com> In-Reply-To: Your message of "Mon, 17 Jul 2000 10:40:59 %2B0200." <200007170841.KAA00459@grimreaper.grondar.za> References: <672.963815058@critter.freebsd.dk> <200007170841.KAA00459@grimreaper.grondar.za>
next in thread | previous in thread | raw e-mail | index | archive | help
> > In message <200007170607.IAA05866@grimreaper.grondar.za>, Mark Murray writes: > > > > >getnanotime() is already extensively used; > > > > I looked at that use, but as far as I can tell, it is only used as a > > flag at this time, the bits returned by getnanotime() does not end up > > in the entropy pool ? > > Not true; struct entropy contains nanotime and the harvested entropy; > _both_ are hashed in the reseed operation. > > > I'm not dissatisfied about that btw, the output from getnanotime() > > is not very random at all, unless you dive into the timecounter > > code to find out what the parameters are. > > I agree that it is not (very) random; however cclock jitter and keystroke > timing can help thwart the bad guys... But do please keep in mind that many of my FreeBSD platforms have neither keyboard or mouse. And for the ones that do, they tend not to get used until long after the system boots. It's essential that the randomness harvesting also be driven off of other events, such as network interface or storage system interrupts for these environments. In fact, it would be rather interesting to have a configuration flag which always forces something like an fsck on a file system in order to provide some entropy to the random device. Or some other user-exposed way of providing entropy. I might have some data on disk, or some network operations which can be performed to help seed the entropy pool. louie To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200007171319.JAA04774>