Re: Entropy Pool Contents

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Jeff Garzik <jeff@garzik.org>
To: Theodore Tso <tytso@mit.edu>,
	Jan Engelhardt <jengelh@linux01.gwdg.de>,
	Gunter Ohrner <G.Ohrner@post.rwth-aachen.de>,
	linux-kernel@vger.kernel.org
Subject: Re: Entropy Pool Contents
Date: Thu, 23 Nov 2006 20:01:43 -0500	[thread overview]
Message-ID: <45664477.4030003@garzik.org> (raw)
In-Reply-To: <20061124004855.GA10937@thunk.org>

Theodore Tso wrote:
> On Thu, Nov 23, 2006 at 01:10:08AM +0100, Jan Engelhardt wrote:
>> Disk activities are "somewhat predictable", like network traffic, and 
>> hence are not (or should not - have not checked it) contribute to the 
>> pool. Note that urandom is the device which _always_ gives you data, and 
>> when the pool is exhausted, returns pseudorandom data.
> 
> Plesae read the following article before making such assertions:
> 
> 	D. Davis, R. Ihaka, P.R. Fenstermacher, "Cryptographic
> 	Randomness from Air Turbulence in Disk Drives", in Advances in
> 	Cryptology -- CRYPTO '94 Conference Proceedings, edited by Yvo
> 	G. Desmedt, pp.114--120. Lecture Notes in Computer Science
> 	#839. Heidelberg: Springer-Verlag, 1994.
> 	http://world.std.com/~dtd/random/forward.ps

Note that the controller hardware in question plays a large role in 
these things.  Most modern network controllers, and a few recent SATA or 
SAS controllers, include hardware interrupt mitigation, which can cause 
interrupts to fire on a timed basis in some load profiles.

Compounding that, both software and hardware interrupt mitigation lead 
(intentionally) to a marked decrease in overall interrupts, which leads 
to less entropy even if the interrupt handler is sampling randomness.

IMO there is an overall trend needing-more-entropy-than-you-have for 
headless network servers.  If you have a hardware RNG, use that and rngd 
to fill the entropy pool.  If you don't, look into various entropy 
gathering daemons (audio-entropyd, video-entropyd, egd, and others). 
You can gather entropy from system stats, open microphones, open video 
channels, thermal diodes, ...

	Jeff

next prev parent reply	other threads:[~2006-11-24  1:01 UTC|newest]

Thread overview: 35+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-11-22 23:54 Entropy Pool Contents Gunter Ohrner
2006-11-22 23:59 ` Gunter Ohrner
2006-11-23  0:10 ` Jan Engelhardt
2006-11-23 21:40   ` Gunter Ohrner
2006-11-27 16:16     ` Phillip Susi
2006-11-27 16:19       ` Chris Friesen
2006-11-27 18:54         ` Phillip Susi
2006-11-27 19:33           ` David Wagner
2006-11-27 20:38             ` Phillip Susi
2006-11-27 20:40               ` David Wagner
2006-11-27 21:52                 ` Kyle Moffett
2006-11-28  4:17                   ` David Wagner
2006-11-28  5:19                     ` Ben Pfaff
2006-11-28 12:13                       ` Henrique de Moraes Holschuh
2006-11-28 12:58                         ` David Wagner
2006-11-28 13:32                   ` Eran Tromer
2006-11-28 13:15                 ` Martin Mares
2006-11-28 17:22                   ` Phillip Susi
2006-11-28 17:24                     ` Martin Mares
2006-11-28 17:46                       ` Phillip Susi
2006-11-28 17:49                         ` Martin Mares
2006-11-28 18:40                           ` Phillip Susi
2006-11-28 21:05                             ` Martin Mares
2006-11-29 20:04                               ` Phillip Susi
2006-11-28 17:42                 ` Phillip Susi
2006-11-28 17:59                   ` Martin Mares
2006-11-28 22:50                   ` Eran Tromer
2006-11-27 22:21       ` Gunter Ohrner
2006-11-24  0:48   ` Theodore Tso
2006-11-24  1:01     ` Jeff Garzik [this message]
2006-11-23 20:54 ` Lennart Sorensen
2006-11-23 21:34   ` Gunter Ohrner
2006-11-23 21:04 ` Jeff Garzik
2006-11-23 21:43   ` Gunter Ohrner
2006-11-26  1:26 ` Folkert van Heusden

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=45664477.4030003@garzik.org \
    --to=jeff@garzik.org \
    --cc=G.Ohrner@post.rwth-aachen.de \
    --cc=jengelh@linux01.gwdg.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox