| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5d672be5-6234-6bb7-fc2d-ee680742628c@zytor.com>
Date: Thu, 25 Aug 2016 17:20:57 -0700
From: "H. Peter Anvin" <hpa@...or.com>
To: Sandy Harris <sandyinchina@...il.com>
Cc: Jeffrey Walton <noloader@...il.com>, linux-crypto@...r.kernel.org,
LKML <linux-kernel@...r.kernel.org>,
"Theodore Ts'o" <tytso@....edu>
Subject: Re: Entropy sources
On 08/25/16 16:35, Sandy Harris wrote:
> On Thu, Aug 25, 2016 at 5:30 PM, H. Peter Anvin <hpa@...or.com> wrote:
>
>> The network stack is a good source of entropy, *once it is online*.
>> However, the most serious case is while the machine is still booting,
>> when the network will not have enabled yet.
>>
>> -hpa
>
> One possible solution is at:
> https://github.com/sandy-harris/maxwell
>
> A small (< 700 lines) daemon that gets entropy from timer imprecision
> and variations in time for arithmetic (cache misses, interrupts, etc.)
> and pumps it into /dev/random. Make it the first userspace program
> started and all should be covered. Directory above includes a PDF doc
> with detailed rationale and some discussion of alternate solutions.
>
> Of course if you are dealing with a system-on-a-chip or low-end
> embedded CPU & the timer is really inadequate, this will not work
> well. Conceivably well enough, but we could not know that without
> detailed analysis for each chip in question.
>
A lot of this is exactly the same thing /dev/random already does in
kernel space. I have already in the past expressed skepticism toward
this approach, because a lot of the analysis done has simply been bogus.
-hpa
Powered by blists - more mailing lists