Re: Entropy Pool Contents

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jeff Garzik <jeff@garzik.org>
To: Theodore Tso <tytso@mit.edu>,
	Jan Engelhardt <jengelh@linux01.gwdg.de>,
	Gunter Ohrner <G.Ohrner@post.rwth-aachen.de>,
	linux-kernel@vger.kernel.org
Subject: Re: Entropy Pool Contents
Date: Thu, 23 Nov 2006 20:01:43 -0500	[thread overview]
Message-ID: <45664477.4030003@garzik.org> (raw)
In-Reply-To: <20061124004855.GA10937@thunk.org>

Theodore Tso wrote:
> On Thu, Nov 23, 2006 at 01:10:08AM +0100, Jan Engelhardt wrote:
>> Disk activities are "somewhat predictable", like network traffic, and 
>> hence are not (or should not - have not checked it) contribute to the 
>> pool. Note that urandom is the device which _always_ gives you data, and 
>> when the pool is exhausted, returns pseudorandom data.
> 
> Plesae read the following article before making such assertions:
> 
> 	D. Davis, R. Ihaka, P.R. Fenstermacher, "Cryptographic
> 	Randomness from Air Turbulence in Disk Drives", in Advances in
> 	Cryptology -- CRYPTO '94 Conference Proceedings, edited by Yvo
> 	G. Desmedt, pp.114--120. Lecture Notes in Computer Science
> 	#839. Heidelberg: Springer-Verlag, 1994.
> 	http://world.std.com/~dtd/random/forward.ps

Note that the controller hardware in question plays a large role in 
these things.  Most modern network controllers, and a few recent SATA or 
SAS controllers, include hardware interrupt mitigation, which can cause 
interrupts to fire on a timed basis in some load profiles.

Compounding that, both software and hardware interrupt mitigation lead 
(intentionally) to a marked decrease in overall interrupts, which leads 
to less entropy even if the interrupt handler is sampling randomness.

IMO there is an overall trend needing-more-entropy-than-you-have for 
headless network servers.  If you have a hardware RNG, use that and rngd 
to fill the entropy pool.  If you don't, look into various entropy 
gathering daemons (audio-entropyd, video-entropyd, egd, and others). 
You can gather entropy from system stats, open microphones, open video 
channels, thermal diodes, ...

	Jeff

next prev parent reply	other threads:[~2006-11-24  1:01 UTC|newest]

Thread overview: 35+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-11-22 23:54 Entropy Pool Contents Gunter Ohrner
2006-11-22 23:59 ` Gunter Ohrner
2006-11-23  0:10 ` Jan Engelhardt
2006-11-23 21:40   ` Gunter Ohrner
2006-11-27 16:16     ` Phillip Susi
2006-11-27 16:19       ` Chris Friesen
2006-11-27 18:54         ` Phillip Susi
2006-11-27 19:33           ` David Wagner
2006-11-27 20:38             ` Phillip Susi
2006-11-27 20:40               ` David Wagner
2006-11-27 21:52                 ` Kyle Moffett
2006-11-28  4:17                   ` David Wagner
2006-11-28  5:19                     ` Ben Pfaff
2006-11-28 12:13                       ` Henrique de Moraes Holschuh
2006-11-28 12:58                         ` David Wagner
2006-11-28 13:32                   ` Eran Tromer
2006-11-28 13:15                 ` Martin Mares
2006-11-28 17:22                   ` Phillip Susi
2006-11-28 17:24                     ` Martin Mares
2006-11-28 17:46                       ` Phillip Susi
2006-11-28 17:49                         ` Martin Mares
2006-11-28 18:40                           ` Phillip Susi
2006-11-28 21:05                             ` Martin Mares
2006-11-29 20:04                               ` Phillip Susi
2006-11-28 17:42                 ` Phillip Susi
2006-11-28 17:59                   ` Martin Mares
2006-11-28 22:50                   ` Eran Tromer
2006-11-27 22:21       ` Gunter Ohrner
2006-11-24  0:48   ` Theodore Tso
2006-11-24  1:01     ` Jeff Garzik [this message]
2006-11-23 20:54 ` Lennart Sorensen
2006-11-23 21:34   ` Gunter Ohrner
2006-11-23 21:04 ` Jeff Garzik
2006-11-23 21:43   ` Gunter Ohrner
2006-11-26  1:26 ` Folkert van Heusden

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=45664477.4030003@garzik.org \
    --to=jeff@garzik.org \
    --cc=G.Ohrner@post.rwth-aachen.de \
    --cc=jengelh@linux01.gwdg.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.