lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3579180.ti4z33qfDe@tauon>
Date:	Tue, 04 Feb 2014 17:19:52 +0100
From:	Stephan Mueller <smueller@...onox.de>
To:	Geert Uytterhoeven <geert@...ux-m68k.org>
Cc:	Theodore Ts'o <tytso@....edu>,
	Jörn Engel <joern@...fs.org>,
	"H. Peter Anvin" <hpa@...or.com>,
	Linux Kernel Developers List <linux-kernel@...r.kernel.org>,
	"Maciej W. Rozycki" <macro@...ux-mips.org>,
	Ralf Baechle <ralf@...ux-mips.org>, dave.taht@...il.com,
	John Crispin <blogic@...nwrt.org>, andrewmcgr@...il.com,
	Thorsten Glaser <tg@...bsd.de>, sandyinchina@...il.com
Subject: Re: [PATCH 2/5] CPU Jitter RNG: Enable compilation

Am Dienstag, 4. Februar 2014, 14:39:54 schrieb Geert Uytterhoeven:

Hi Geert,

>On Tue, Feb 4, 2014 at 1:40 PM, Stephan Mueller <smueller@...onox.de> 
wrote:
>> +CFLAGS_jitterentropy-base.o    = -O0
>
>Why? if really needed, this deserves a comment.

Sorry to have not explained all details in the email.

Please consider the following rationale found in the jitterentropy-
base.c, given for jent_fold_time:

 * The code is deliberately inefficient and shall stay that way. This 
function
 * is the root cause why the code shall be compiled without 
optimization. This
 * function not only acts as folding operation, but this function's 
execution
 * is used to measure the CPU execution time jitter. Any change to the 
loop in
 * this function implies that careful retesting must be done.

The idea of the RNG is to measure the execution timing of a set of 
instruction. The set of instructions that are measured as part of the 
execution timing jitter measurement is exactly the jent_fold_time 
function. When the compiler applies optimizations, one really does not 
know how this deliberately inefficient loop is made more efficient. When 
it is made more efficient by the compiler, it is unclear how much 
instructions are really executed. And the less instructions, the less 
timing variations the RNG gets, the less entropy the RNG picks up.

Please note that all testing that is executed shows that optimizations 
do not really matter. But there are some very old systems (AMD 
Semperons, very old Pentiums) who show timing variations which border to 
the lowest allowed variations when enabling optimizations. When 
disabling optimizations, all the expected timing variations are present. 
And for an RNG, it is always important to have "leeway" in the amount of 
entropy sampled from the raw noise, i.e. it is better to be too 
conservative and underestimate the entropy by a significant amount.

As the entire RNG is intended to be based on timing variations, I felt 
that the entire C file can be compiled without optimizations. In this 
case, even the post-processing of the data while collecting entropy even 
adds more entropy, albeit this impact was not subject to testing or 
analysis -- at least it will not diminish the measured timing 
variations.

Also, I consider the execution speed of the entropy collection is not 
really an issue because the RNG delivers random numbers at a 
comparatively high rate. Any other noise source feeding into random.c 
delivers data with far less speed.

For more details, please see [1] section 5.1 below the presented graphs.

[1] http://www.chronox.de/jent/doc/CPU-Jitter-NPTRNG.html

Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ