Re: Collecting entropy from device_attach() times.

Board: FB_security, posted 2012/09/25 14:01
On Tue, Sep 25, 2012 at 12:10:13AM +0200, Mariusz Gromada wrote:
> On 2012-09-24 23:56, Mariusz Gromada wrote:
>
> > Ok, finally I have some formal results. To be completely honest I need
> > to point out that, in fact, we have discrete data (for example
> > integers 0, 1, ..., 63, but not continuous numbers spread across 0 and
> > 63). That is why I am going to use the two-sample Kolmogorov-Smirnov test.
>
> Another clarification is needed. The KS test in general (and in theory)
> should be used for continuous distributions. But in our case we can
> easily say that we observe our distribution in integers only (rounding),
> and the whole rest is easily estimated.

Thanks a lot!

To the list: phk@ asked me privately to check if there is no correlation
between consecutive device_attach() calls during a single boot. For example
each device_attach() separately can yield great entropy in every test,
but all those calls combined might be somehow related, i.e. during one boot
all calls take a bit longer and in another boot all calls take a bit
less, which could decrease the total entropy we should estimate out of it.

I created a dummy driver which was registering three dummy drivers, so it
was provoking three device_attach() calls on every kldload. Mariusz
verified the observations and there was no correlation between the times.

I believe everyone is bored at this point, so I'd like to propose a way
forward:

I'll perform one more test with CPU clock speed reduced as much as it can
be and see if rejecting 7 top bits is still fine. If it is, I'd like to
commit my patch.

I was wondering if I should hide it under #ifdef __amd64__, but the only
risk in having it on all platforms is eventually overestimating
available entropy, which is bad, but I think better than not providing
any entropy with this method. On the other hand having it on one or two
platforms only would maybe motivate people to verify it on other
platforms.

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://tupytaj.pl
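
The correlation check described in the message above, as an added example that is not code or data from the thread: it measures correlation between two device_attach() durations per boot, both on the raw values and on the retained low bits only. The timings are constructed (a shared per-boot slowdown plus independent per-call jitter), and the 6-bit width, cycle counts and function names are assumptions.

```python
import random

KEEP_BITS = 6  # assumption: keep the low 6 bits, i.e. values 0..63

def pearson(xs, ys):
    """Pearson correlation coefficient (detects linear dependence only)."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5

def simulate_boots(n_boots, jitter_range, seed):
    """Constructed model, not measured data: every boot has one slowdown
    shared by all attach calls, plus independent per-call jitter.
    Returns the first and second attach durations (cycles), one per boot."""
    rng = random.Random(seed)
    first, second = [], []
    for _ in range(n_boots):
        boot_offset = rng.randrange(5000)  # "all calls take a bit longer"
        first.append(100_000 + boot_offset + rng.randrange(jitter_range))
        second.append(100_000 + boot_offset + rng.randrange(jitter_range))
    return first, second

def correlations(first, second, keep_bits=KEEP_BITS):
    """Return (r of raw durations, r of the retained low bits)."""
    mask = (1 << keep_bits) - 1
    raw = pearson(first, second)
    low = pearson([t & mask for t in first], [t & mask for t in second])
    return raw, low

# Per-call jitter spans more than the retained bits: the raw times are
# correlated by the shared slowdown, the low bits are not.
WIDE = correlations(*simulate_boots(4000, 4096, seed=1))
# Per-call jitter narrower than the retained bits: the shared slowdown
# leaks into the low bits, so crediting each call separately overestimates.
NARROW = correlations(*simulate_boots(4000, 8, seed=1))

if __name__ == "__main__":
    print("wide jitter:   raw r=%.3f  low-bit r=%.3f" % WIDE)
    print("narrow jitter: raw r=%.3f  low-bit r=%.3f" % NARROW)
```

A low-bit coefficient near zero only rules out linear dependence between the calls; it does not by itself establish how many bits of entropy to credit.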