| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Aug 2016 14:30:02 -0700 From: "H. Peter Anvin" <hpa@...or.com> To: noloader@...il.com Cc: linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: Entropy sources (was: /dev/random - a new approach) On 08/20/16 22:37, Jeffrey Walton wrote: >> >> The biggest problem there is that the timer interrupt adds *no* entropy >> unless there is a source of asynchronicity in the system. On PCs, >> traditionally the timer has been run from a completely different crystal >> (14.31818 MHz) than the CPU, which is the ideal situation, but if they >> are run off the same crystal and run in lockstep, there is very little >> if anything there. On some systems, the timer may even *be* the only >> source of time, and the entropy truly is zero. > > It seems like a networked computer should have an abundance on entropy > available from the network stack. Every common case I can come up with > includes a networked computer. If a handheld is outside of coverage, > then it probably does not have the randomness demands because it can't > communicate (i.e., TCP sequence numbers, key agreement, etc). > > In fact, there are at least two papers that use bits from the network stack: > The network stack is a good source of entropy, *once it is online*. However, the most serious case is while the machine is still booting, when the network will not have enabled yet. -hpa
Powered by blists - more mailing lists