Re: Collecting entropy from device_attach() times.
On Wed, 19 Sep 2012 22:53:32 +0200
Pawel Jakub Dawidek wrote:
> Here's how the distribution looks like for device_attach() times of my
> sound card. The times were 26bit numbers, so this is after discarding
> top ten bits, which leave us with 16 lower bits of pure entropy:)
>
> http://people.freebsd.org/~pjd/misc/harvest_device_attach.png
You're basing a model for all devices on a single sound card, that
doesn't seem safe to me. Isn't it possible that a device could take a
long and well defined time? Some interrupts can carry a lot of entropy
but they are still only accounted at 2 bits.
I don't see the point of trying to set a realistic number of bits
unless there's a need for secure random numbers before initrandom. If
there isn't then you might just as well set the estimation at zero
bits, and avoid wasting cpu cycles on unnecessary spontaneous reseeds
before the forced reseed.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 12 之 80 篇):