lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <45664477.4030003@garzik.org>
Date:	Thu, 23 Nov 2006 20:01:43 -0500
From:	Jeff Garzik <jeff@...zik.org>
To:	Theodore Tso <tytso@....edu>,
	Jan Engelhardt <jengelh@...ux01.gwdg.de>,
	Gunter Ohrner <G.Ohrner@...t.rwth-aachen.de>,
	linux-kernel@...r.kernel.org
Subject: Re: Entropy Pool Contents

Theodore Tso wrote:
> On Thu, Nov 23, 2006 at 01:10:08AM +0100, Jan Engelhardt wrote:
>> Disk activities are "somewhat predictable", like network traffic, and 
>> hence are not (or should not - have not checked it) contribute to the 
>> pool. Note that urandom is the device which _always_ gives you data, and 
>> when the pool is exhausted, returns pseudorandom data.
> 
> Plesae read the following article before making such assertions:
> 
> 	D. Davis, R. Ihaka, P.R. Fenstermacher, "Cryptographic
> 	Randomness from Air Turbulence in Disk Drives", in Advances in
> 	Cryptology -- CRYPTO '94 Conference Proceedings, edited by Yvo
> 	G. Desmedt, pp.114--120. Lecture Notes in Computer Science
> 	#839. Heidelberg: Springer-Verlag, 1994.
> 	http://world.std.com/~dtd/random/forward.ps

Note that the controller hardware in question plays a large role in 
these things.  Most modern network controllers, and a few recent SATA or 
SAS controllers, include hardware interrupt mitigation, which can cause 
interrupts to fire on a timed basis in some load profiles.

Compounding that, both software and hardware interrupt mitigation lead 
(intentionally) to a marked decrease in overall interrupts, which leads 
to less entropy even if the interrupt handler is sampling randomness.

IMO there is an overall trend needing-more-entropy-than-you-have for 
headless network servers.  If you have a hardware RNG, use that and rngd 
to fill the entropy pool.  If you don't, look into various entropy 
gathering daemons (audio-entropyd, video-entropyd, egd, and others). 
You can gather entropy from system stats, open microphones, open video 
channels, thermal diodes, ...

	Jeff



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ