From: Sandy Harris <sandyinchina@gmail.com>
To: Stephan Mueller <smueller@chronox.de>
Cc: "Theodore Ts'o" <tytso@mit.edu>,
	Jeff Epler <jepler@unpythonic.net>,
	linux-crypto@vger.kernel.org, lkml <linux-kernel@vger.kernel.org>
Subject: Re: [RFC][PATCH] Entropy generator with 100 kB/s throughput
Date: Sun, 10 Feb 2013 16:59:10 -0500	[thread overview]
Message-ID: <CACXcFmkmENTrGcchiWVpEe+U5arq798Ys+ef1t70y2uQqz6YDQ@mail.gmail.com> (raw)
In-Reply-To: <5117F5D5.8040709@chronox.de>

On Sun, Feb 10, 2013 at 2:32 PM, Stephan Mueller <smueller@chronox.de> wrote:

> On 10.02.2013 19:50:02, +0100, Theodore Ts'o <tytso@mit.edu> wrote:

> Given all your doubts on the high-precision timer, how can you
> reasonably state that the Linux kernel RNG is good then?
>
> The data from add_timer_randomness the kernel feeds into the input_pool
> is a concatenation of the event value, the jiffies and the get_cycles()
> value. The events hardly contains any entropy, the jiffies a little bit
> due to the coarse resolution of 250 or 1000 Hz. Only the processor
> cycles value provides real entropy.

There are multiple sources of entropy, though. There are reasons
not to fully trust any -- key strike statistics can be predicted if the
enemy knows the language, the enemy might be monitoring the
network, there is no keyboard or mouse on a headless server, a
diskless machine has no disk timing entropy and one with an
SSD or intelligent RAID controller very little, .... However, with
multiple sources and conservative estimates, it is reasonable
to hope there is enough entropy coming in somewhere.

It is much harder to trust a system with a single source of
entropy, perhaps impossible for something that is likely to
be deployed on the whole range of things Linux runs on,
from a cell phone with a single 32-bit CPU all the way to
beowulf-based supercomputers with thousands of
multicore chips.

Moreover, random(4) has both a large entropy pool (or
three, to be more precise) and strong crypto in the
mixing. If it /ever/ gets a few hundred bits of real
entropy then no-one without the resources of a
major government and/or a brilliant unpublished
attack on SHA-1 can even hope to break it.

In the default Linux setup, it gets a few K bits of
reasonably good entropy from the initialisation
scripts, so attacks look impossible unless the
enemy already has root privileges or has
physical access to boot the machine from
other media & look at Linux storage.
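Added example (not from this thread or the kernel source): a conservative min-entropy estimate of the three fields the quoted message says add_timer_randomness() mixes in (event value, jiffies, get_cycles()), computed over a constructed key-press stream. The jiffies rate, cycle-counter frequency and typing rhythm are assumed values, and the credit rule (best single field, never the sum) is the conservative-estimate stance the reply argues for.

```python
import math
import random
from collections import Counter

HZ = 250                 # assumed jiffies rate (CONFIG_HZ=250)
CYCLES_PER_SEC = 10**9   # assumed cycle-counter frequency, 1 GHz

def min_entropy_bits(samples):
    """Per-sample min-entropy: -log2 of the most frequent value's probability.
    Conservative by design: it credits nothing for the rarer values, so it
    bounds how much an attacker still has to guess in the worst case."""
    counts = Counter(samples)
    p_max = max(counts.values()) / len(samples)
    return -math.log2(p_max)

def constructed_events(n, seed=1):
    """Constructed key-press stream of (event code, jiffies, cycles) triples.
    Inter-key gaps are ~100 ms +/- 30 ms (a typist's rhythm); the event code
    is one of four keys, so that field is deliberately narrow."""
    rng = random.Random(seed)
    t = 0.0
    out = []
    for _ in range(n):
        t += max(0.005, rng.gauss(0.100, 0.030))
        code = rng.choice([0x10, 0x11, 0x12, 0x13])
        jiffies = int(t * HZ)
        cycles = int(t * CYCLES_PER_SEC) & 0xFFFFFFFF
        out.append((code, jiffies, cycles))
    return out

def per_field_estimates(triples):
    """Estimate each field from its delta to the previous event: the deltas,
    not the absolute counters, are what an observer cannot predict."""
    codes = [c for c, _, _ in triples]
    jdelta = [b[1] - a[1] for a, b in zip(triples, triples[1:])]
    cdelta = [(b[2] - a[2]) & 0xFF for a, b in zip(triples, triples[1:])]  # low byte
    return {"event": min_entropy_bits(codes),
            "jiffies": min_entropy_bits(jdelta),
            "cycles": min_entropy_bits(cdelta)}

def credited_bits(est):
    """All three fields come from the same event, so they are not independent:
    a conservative credit takes the best single field, never the sum."""
    return max(est.values())

if __name__ == "__main__":
    est = per_field_estimates(constructed_events(4096))
    for name, bits in est.items():
        print(f"{name:8s} {bits:5.2f} bits/event")
    print(f"credited {credited_bits(est):5.2f} bits/event")
```

With these assumptions the event code yields under 2 bits, the coarse jiffies delta a few bits, and only the cycle counter's low byte approaches 7 bits, which is the ordering the quoted message describes.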
