From owner-freebsd-security@FreeBSD.ORG Wed Sep 19 22:10:57 2012
Date: Wed, 19 Sep 2012 23:10:51 +0100
From: RW
To: Pawel Jakub Dawidek
Cc: freebsd-security@freebsd.org, Jonathan Anderson, Mariusz Gromada
Subject: Re: Collecting entropy from device_attach() times.
Message-ID: <20120919231051.4bc5335b@gumby.homeunix.com>
In-Reply-To: <20120919205331.GE1416@garage.freebsd.pl>
References: <20120918211422.GA1400@garage.freebsd.pl> <20120919192923.GA1416@garage.freebsd.pl> <20120919205331.GE1416@garage.freebsd.pl>

On Wed, 19 Sep 2012 22:53:32 +0200
Pawel Jakub Dawidek wrote:

> Here's how the distribution looks like for device_attach() times of my
> sound card. The times were 26bit numbers, so this is after discarding
> top ten bits, which leave us with 16 lower bits of pure entropy:)
>
> http://people.freebsd.org/~pjd/misc/harvest_device_attach.png

You're basing a model for all devices on a single sound card, that
doesn't seem safe to me. Isn't it possible that a device could take a
long and well defined time?

Some interrupts can carry a lot of entropy but they are still only
accounted at 2 bits.

I don't see the point of trying to set a realistic number of bits
unless there's a need for secure random numbers before initrandom. If
there isn't then you might just as well set the estimation at zero
bits, and avoid wasting cpu cycles on unnecessary spontaneous reseeds
before the forced reseed.
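
The question of whether a per-device timing model generalises can be checked against measurements. The following is an added example, not part of the original message and not FreeBSD code: it applies a simple most-common-value min-entropy estimate to the low 16 bits of attach times for three devices. All timings are constructed, and the function names are hypothetical.

```python
import math
import random
from collections import Counter

MASK16 = 0xFFFF  # keep only the low 16 bits, as in the quoted message


def min_entropy_bits(samples, mask=MASK16):
    """Most-common-value min-entropy estimate (bits/sample) of masked timings.

    No confidence bound is applied, and the result cannot exceed
    log2(len(samples)), so treat it as a rough check only.
    """
    counts = Counter(s & mask for s in samples)
    return math.log2(len(samples) / max(counts.values()))


def constructed_samples(n, base, jitter, rng):
    """Constructed attach times: a fixed base plus uniform jitter in [0, jitter]."""
    return [base + rng.randint(0, jitter) for _ in range(n)]


def demo(n=4096, seed=1):
    """Estimate entropy for three constructed devices with 26-bit attach times."""
    rng = random.Random(seed)
    base = 40_000_000  # constructed value that fits in 26 bits
    devices = {
        "fixed": constructed_samples(n, base, 0, rng),        # long, well-defined time
        "narrow": constructed_samples(n, base, 3, rng),       # only four distinct times
        "wide": constructed_samples(n, base, MASK16, rng),    # jitter spans all 16 bits
    }
    return {name: min_entropy_bits(s) for name, s in devices.items()}


if __name__ == "__main__":
    for name, bits in demo().items():
        print(f"{name:7s} {bits:5.2f} bits/sample")
```

The same 16-bit mask yields anything from zero to many bits depending on the device, so a credit measured on one device says nothing about another.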