From: Jarod Wilson <jarod@redhat.com>
To: Matt Mackall <mpm@selenic.com>
Cc: linux-crypto@vger.kernel.org,
"Venkatesh Pallipadi (Venki)" <venki@google.com>,
Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@elte.hu>,
John Stultz <johnstul@us.ibm.com>,
Herbert Xu <herbert@gondor.hengli.com.au>,
"David S. Miller" <davem@davemloft.net>,
"H. Peter Anvin" <hpa@zytor.com>
Subject: Re: [PATCH 0/5] Feed entropy pool via high-resolution clocksources
Date: Tue, 14 Jun 2011 11:22:44 -0400 [thread overview]
Message-ID: <4DF77CC4.2020309@redhat.com> (raw)
In-Reply-To: <4DF77BBC.8090702@redhat.com>
Jarod Wilson wrote:
> Matt Mackall wrote:
>> On Mon, 2011-06-13 at 18:06 -0400, Jarod Wilson wrote:
>>> Many server systems are seriously lacking in sources of entropy,
>>> as we typically only feed the entropy pool by way of input layer
>>> events, a few NIC driver interrupts and disk activity. A non-busy
>>> server can easily become entropy-starved. We can mitigate this
>>> somewhat by periodically mixing in entropy data based on the
>>> delta between multiple high-resolution clocksource reads, per:
>>>
>>> https://www.osadl.org/Analysis-of-inherent-randomness-of-the-L.rtlws11-developers-okech.0.html
>>>
>>>
>>> Additionally, NIST already approves of similar implementations, so
>>> this should be usable in high-securtiy deployments requiring a
>>> fair chunk of available entropy data for frequent use of /dev/random.
>>
>> So, mixed feelings here:
>>
>> Yes: it's a great idea to regularly mix other data into the pool. More
>> samples are always better for RNG quality.
>>
>> Maybe: the current RNG is not really designed with high-bandwidth
>> entropy sources in mind, so this might introduce non-negligible overhead
>> in systems with, for instance, huge numbers of CPUs.
>
> The current implementation is opt-in, and single-threaded, so at least
> currently, I don't think there should be any significant issues.
I stand corrected. Hadn't considered the possible issues with doing a
regular preempt_disable() and __get_cpu_var() on a system with tons of
cpus. (I'm still not sure exactly what the issues would be, but I think
I see the potential for issues of some sort.)
--
Jarod Wilson
jarod@redhat.com
next prev parent reply other threads:[~2011-06-14 15:23 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-13 22:06 [PATCH 0/5] Feed entropy pool via high-resolution clocksources Jarod Wilson
2011-06-13 22:06 ` [PATCH 1/5] random: add new clocksource entropy interface Jarod Wilson
2011-06-13 22:06 ` [PATCH 2/5] clocksource: add support for entropy-generation function Jarod Wilson
2011-06-17 20:52 ` Thomas Gleixner
2011-06-17 21:19 ` Jarod Wilson
2011-06-13 22:06 ` [PATCH 3/5] hpet: wire up entropy generation function Jarod Wilson
2011-06-13 22:06 ` [PATCH 4/5] tsc: " Jarod Wilson
2011-06-13 22:27 ` Venkatesh Pallipadi
2011-06-13 22:35 ` Jarod Wilson
2011-06-13 22:36 ` H. Peter Anvin
2011-06-13 23:10 ` Matt Mackall
2011-06-14 18:11 ` H. Peter Anvin
2011-06-14 0:39 ` Kent Borg
2011-06-14 1:47 ` H. Peter Anvin
2011-06-14 12:39 ` Kent Borg
2011-06-14 14:33 ` Matt Mackall
2011-06-14 17:48 ` Kent Borg
2011-06-14 18:00 ` Matt Mackall
2011-06-14 20:04 ` Kent Borg
2011-06-14 21:04 ` Matt Mackall
2011-06-14 14:02 ` Jarod Wilson
2011-06-13 23:55 ` Kent Borg
2011-06-17 20:58 ` Thomas Gleixner
2011-06-13 22:06 ` [PATCH 5/5] misc: add clocksource-based entropy generation driver Jarod Wilson
2011-06-17 21:01 ` Thomas Gleixner
2011-06-13 22:38 ` [PATCH 0/5] Feed entropy pool via high-resolution clocksources john stultz
2011-06-14 14:25 ` Jarod Wilson
2011-06-13 23:15 ` Matt Mackall
2011-06-14 15:18 ` Jarod Wilson
2011-06-14 15:22 ` Jarod Wilson [this message]
2011-06-14 17:13 ` Matt Mackall
2011-06-14 20:17 ` Jarod Wilson
2011-06-14 21:45 ` Matt Mackall
2011-06-14 22:51 ` Jarod Wilson
2011-06-14 23:12 ` Matt Mackall
2011-06-15 14:49 ` Jarod Wilson
2011-06-15 20:06 ` Matt Mackall
2011-06-17 18:51 ` Jarod Wilson
2011-06-17 19:29 ` Neil Horman
2011-06-17 20:46 ` Matt Mackall
2011-06-17 19:48 ` hpas
2011-06-17 20:28 ` Matt Mackall
2011-06-18 22:40 ` H. Peter Anvin
2011-06-19 13:38 ` Neil Horman
2011-06-19 15:07 ` Herbert Xu
2011-06-20 0:01 ` H. Peter Anvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4DF77CC4.2020309@redhat.com \
--to=jarod@redhat.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.hengli.com.au \
--cc=hpa@zytor.com \
--cc=johnstul@us.ibm.com \
--cc=linux-crypto@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=mpm@selenic.com \
--cc=tglx@linutronix.de \
--cc=venki@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.