lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CACXcFmm6Xfc_W06DNQ=d0wmGgqFLsUuzCnEivVzoFmKmTNv1GA@mail.gmail.com>
Date:	Sun, 10 Feb 2013 14:27:00 -0500
From:	Sandy Harris <sandyinchina@...il.com>
To:	"Theodore Ts'o" <tytso@....edu>,
	Stephan Mueller <smueller@...onox.de>,
	Jeff Epler <jepler@...ythonic.net>,
	linux-crypto@...r.kernel.org, lkml <linux-kernel@...r.kernel.org>
Subject: Re: [RFC][PATCH] Entropy generator with 100 kB/s throughput

On Sun, Feb 10, 2013 at 1:50 PM, Theodore Ts'o <tytso@....edu> wrote:

> On Sun, Feb 10, 2013 at 01:46:18PM +0100, Stephan Mueller wrote:
>>
>> However, the CPU has timing jitter in the execution of instruction. And
>> I try to harvest that jitter. The good thing is that this jitter is
>> always present and can be harvested on demand.
>
> How do you know, though, that this is what you are harvesting?
> ...
> And what's your proof that your entropy source really is an entropy
> source?

One paper that seems to show there is some randomness in
such measurements is McGuire, Okech & Schiesser
"Analysis of inherent randomness of the Linux kernel",
http://lwn.net/images/conf/rtlws11/random-hardware.pdf

They do two clock calls with a usleep() between, take the
low bit of the difference and pack them unmixed into
bytes for testing. Their tests show over 7.5 bits of entropy
per byte, even with interrupts disabled. The same paper
shows that simple arithmetic sequences give some
apparent entropy, due to TLB misses, interrupts, etc.

There are lots of caveats in how this should be used and
it is unclear how much real entropy it gives, but is seems
clear it gives some.

My own program to feed into random(4) is based on
such things:
ftp://ftp.cs.sjtu.edu.cn:990/sandy/maxwell/

HAVEGE also uses them
http://www.irisa.fr/caps/projects/hipsor/
& there is a havegd daemon for Linux
http://www.issihosts.com/haveged/

random(4) also mixed in timer data at one point,
which seems the correct thing for it to do. Later
I heard something about that code having been
removed. What is the current status?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ