[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <2039634.jSmQAS6tdi@myon.chronox.de>
Date: Tue, 04 Feb 2014 13:36:59 +0100
From: Stephan Mueller <smueller@...onox.de>
To: Theodore Ts'o <tytso@....edu>,
Jörn Engel <joern@...fs.org>,
"H. Peter Anvin" <hpa@...or.com>,
Linux Kernel Developers List <linux-kernel@...r.kernel.org>,
macro@...ux-mips.org, ralf@...ux-mips.org, dave.taht@...il.com,
blogic@...nwrt.org, andrewmcgr@...il.com, geert@...ux-m68k.org,
tg@...bsd.de, sandyinchina@...il.com
Subject: [RFC PATCH 0/5] CPU Jitter RNG
Hi,
with the previous release of the CPU Jitter RNG ([1]), concerns were raised on
the presence of entropy in the CPU execution timing. With this new version of
the CPU Jitter RNG, a new noise source based on memory access timings is now
added and the concerns raised before are addressed with additional analyses
given in [2] section 6.1.
This additional noise source is again covered with extensive testing
documented in [2] section 6.2. The test results allowed the explanation of the
basics of that memory access noise source.
To analyze the two noise sources, a bare metal testing program is used as
documented in [2] section 6.3. That bare metal testing allows the analysis of
the noise source without interference of an OS and interrupts.
Furthermore, for the already existent noise source of the CPU execution
timing, more analysis of the behavior of the CPU is provided in [2] section
6.1. The analysis, however, showed CPU behavior that cannot easily be
explained. The testing shows that there is a possibility to eliminate the CPU
execution timing jitter for one particular measurement using a serialization
instruction. That elimination of timing jitter, however, was not visible when
the individual rounds of the RNG were tested. That means that the elimination
of timing jitter in one special case did not show any effects on the behavior
of the RNG.
The following set of patches integrate the CPU Jitter RNG as a fallback noise
source into /dev/random. The reason for using it as a fallback only is the
conceptual difference of the CPU Jitter RNG to the other noise sources: all
other noise sources are a push mechanism whereas the CPU Jitter RNG works by
pulling bits on demand. Due to the speed of the Jitter RNG, it has the
capability of monopolizing all other noise sources which is prevented by only
invoking it when the lower entropy threshold of the Linux RNG is reached.
Ciao
Stephan
[1] http://thread.gmane.org/gmane.linux.kernel/1577419/focus=1586212
[2] http://www.chronox.de/jent/doc/CPU-Jitter-NPTRNG.html
--
| Cui bono? |
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists