Re: Collecting entropy from device_attach() times.
--boAH8PqvUi1v1f55
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sat, Sep 22, 2012 at 10:03:23AM +0200, Pawel Jakub Dawidek wrote:
> If discarding top ten bit in case of such dummy driver is enough, we
> could probably discard less from drivers that interact with real
> hardware, but even with 43 device_attach() calls during boot on similar
> hardware and assuming that we can get only 6 bits of entropy from each
> call, it gives us more than 256 bits of entropy. In other words I don't
> think we should further complicate this and that we should stick to
> entropy estimations from my current patch.
I made additional calculations to see where is the line we shall not
cross. I checked how distribution would look like for 6, 7, 8, 9, 10, 11
and 12 bit values (so we discard from top 10 to top 4 bits):
http://people.freebsd.org/~pjd/misc/device_attach_6bit.jpg
And source in libreoffice:
http://people.freebsd.org/~pjd/misc/device_attach_6-12_bits.ods
It looks like we can safely discard even only 7 bits (leaving 9 bits of
entropy). With 10bit value the maximum difference between theoretical
and empirical distribution goes to 6.34% which I don't think is
acceptable. On the other hand the differences for 6, 7, 8 and 9 are
very small:
6bit: 0.33%
7bit: 0.29%
8bit: 0.27%
9bit: 0.21%
For completness all the rest:
10bit: 6.34%
11bit: 19.07%
12bit: 54.80%
Mariusz, can you confirm my findings?
--=20
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://tupytaj.pl
--boAH8PqvUi1v1f55
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)
iEYEARECAAYFAlBeFzUACgkQForvXbEpPzS0vgCeL1Mx6YqJkZEtHMM1D12yN4TL
/1AAoME2hgUeoWnrEKDHnaqoBXv0ZGCW
=c5U0
-----END PGP SIGNATURE-----
--boAH8PqvUi1v1f55--
討論串 (同標題文章)
完整討論串 (本文為第 42 之 80 篇):