From: Mark Murray
To: Sam Leffler
cc: Robert Watson
cc: freebsd-current@FreeBSD.ORG
cc: Richard Coleman
Subject: Re: So much entropy it's coming out of our ears?
Date: Thu, 05 Aug 2004 17:04:10 +0100
Message-Id: <200408051604.i75G4BFe056682@grimreaper.grondar.org>
In-Reply-To: Your message of "Thu, 05 Aug 2004 08:53:14 PDT." <200408050853.14374.sam@errno.com>
List-Id: Discussions about the use of FreeBSD-current

Sam Leffler writes:
> > But a push system is still better if it doesn't impact performance too
> > much.
>
> Push vs pull and exhaustion depends on your system config which is why I
> hedged with "or a hybrid scheme".
> If a system has a reasonable h/w entropy
> source it should be able to pull enough entropy on demand to keep everyone
> happy. I know this to be true for at least 4 crypto parts that include a h/w
> RNG. On systems like this you want to just shut down all other forms of
> entropy gathering unless you're paranoid about having a single source of
> entropy.

I'm thinking about a hybrid system right now. This is the very early stages
of my thinking, so it's a bit raw.

The harvest queue has "nearly full" and "nearly empty" marks. At "nearly
full" the harvesters get turned off, and at "nearly empty" they get turned
back on. The Yarrow thread is throttled so that it only does work (including
turning back on the harvesting) when its output is being read.

Or something.

I'm scared of getting into insecure states, so I want to think about this.
I need to check that this doesn't break the Yarrow design (or the
up-and-coming Fortuna design). I think it doesn't.

M
--
Mark Murray
iumop ap!sdn w,I idlaH
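
The "nearly full" / "nearly empty" gating described in the message above, sketched as an added example; it is not part of the original post and not FreeBSD's code. The names (`hq_init`, `hq_harvest`, `hq_drain_on_read`), the queue size and the two mark values are assumptions, and mixing the drained samples into the pool is left to the caller.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HQ_SIZE 16 /* queue capacity (assumed value) */
#define HQ_HIGH 12 /* "nearly full" mark: harvesters turned off */
#define HQ_LOW   4 /* "nearly empty" mark: harvesters turned back on */

struct harvest_queue {
    uint32_t ev[HQ_SIZE];  /* ring buffer of harvested samples */
    size_t head, count;
    bool harvesting;       /* gate every harvester checks first */
    unsigned long dropped; /* samples refused while the gate was closed */
};

void hq_init(struct harvest_queue *q) {
    *q = (struct harvest_queue){ .harvesting = true };
}

/* Entropy source side. Returns true if the sample was queued. */
bool hq_harvest(struct harvest_queue *q, uint32_t sample) {
    if (!q->harvesting) { q->dropped++; return false; }
    q->ev[(q->head + q->count) % HQ_SIZE] = sample;
    if (++q->count >= HQ_HIGH)
        q->harvesting = false; /* close the gate before the ring can overflow */
    return true;
}

/* Generator side, called only when output is being read: copies up to max
 * queued samples out for mixing, then reopens the gate at the low mark. */
size_t hq_drain_on_read(struct harvest_queue *q, uint32_t *out, size_t max) {
    size_t n = 0;
    for (; q->count > 0 && n < max; n++, q->count--) {
        out[n] = q->ev[q->head];
        q->head = (q->head + 1) % HQ_SIZE;
    }
    if (q->count <= HQ_LOW)
        q->harvesting = true;
    return n;
}

int main(void) {
    struct harvest_queue q; uint32_t out[HQ_SIZE];
    hq_init(&q);
    for (uint32_t i = 0; i < 20; i++) hq_harvest(&q, i); /* constructed samples */
    size_t n = hq_drain_on_read(&q, out, 8);
    printf("drained=%zu dropped=%lu harvesting=%d\n", n, q.dropped, q.harvesting);
}
```

The `dropped` counter makes visible how many samples are discarded while the gate is closed, which is the quantity to watch when the generator is rarely read.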