Re: Entropy sources (was: /dev/random - a new approach)

From: H. Peter Anvin
Date: Thu Aug 25 2016 - 18:45:37 EST

Next message: Russell King - ARM Linux: "Re: [PATCH 1/2] smc91x: always use 8-bit access if necessary"
Previous message: H. Peter Anvin: "Re: [PATCH RFC UGLY] x86,mm,sched: make lazy TLB mode even lazier"
Next in thread: Sandy Harris: "Re: Entropy sources (was: /dev/random - a new approach)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 08/20/16 22:37, Jeffrey Walton wrote:
>>
>> The biggest problem there is that the timer interrupt adds *no* entropy
>> unless there is a source of asynchronicity in the system. On PCs,
>> traditionally the timer has been run from a completely different crystal
>> (14.31818 MHz) than the CPU, which is the ideal situation, but if they
>> are run off the same crystal and run in lockstep, there is very little
>> if anything there. On some systems, the timer may even *be* the only
>> source of time, and the entropy truly is zero.
>
> It seems like a networked computer should have an abundance on entropy
> available from the network stack. Every common case I can come up with
> includes a networked computer. If a handheld is outside of coverage,
> then it probably does not have the randomness demands because it can't
> communicate (i.e., TCP sequence numbers, key agreement, etc).
>
> In fact, there are at least two papers that use bits from the network stack:
>

The network stack is a good source of entropy, *once it is online*.
However, the most serious case is while the machine is still booting,
when the network will not have enabled yet.

-hpa

Next message: Russell King - ARM Linux: "Re: [PATCH 1/2] smc91x: always use 8-bit access if necessary"
Previous message: H. Peter Anvin: "Re: [PATCH RFC UGLY] x86,mm,sched: make lazy TLB mode even lazier"
Next in thread: Sandy Harris: "Re: Entropy sources (was: /dev/random - a new approach)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]