From: "H. Peter Anvin" <hpa@zytor.com>
To: "Jörn Engel" <joern@logfs.org>, "Stephan Mueller" <smueller@chronox.de>
Cc: "Theodore Ts'o" <tytso@mit.edu>,
Linux Kernel Developers List <linux-kernel@vger.kernel.org>,
macro@linux-mips.org, ralf@linux-mips.org, dave.taht@gmail.com,
blogic@openwrt.org, andrewmcgr@gmail.com, geert@linux-m68k.org,
tg@mirbsd.de
Subject: Re: [PATCH,RFC] random: collect cpu randomness
Date: Sun, 02 Feb 2014 17:28:41 -0800 [thread overview]
Message-ID: <52EEF0C9.8080002@zytor.com> (raw)
In-Reply-To: <20140203012420.GB9499@logfs.org>
On 02/02/2014 05:24 PM, Jörn Engel wrote:
>
> For my part, I think the whole business of estimating entropy is
> bordering on the esoteric. If the hash on the output side is any
> good, you have a completely unpredictable prng once the entropy pool
> is unpredictable. Additional random bits are nice, but not all that
> useful. Blocking /dev/random based on entropy estimates is likewise
> not all that useful.
>
> Key phrase is "once the entropy pool is unpredictable". So early in
> bootup it may make sense to estimate the entropy. But here the
> problem is that you cannot measure entropy, at least not within a
> single system and a reasonable amount of time. That leaves you with a
> heuristic that, like all heuristics, is wrong.
>
The entropy bound needs to be a conservative lower bound. Its main use
is to provide backpressure (should we spend more CPU time producing
entropy) although the forward pressure on /dev/random is potentially
useful for high security applications.
This does NOT mean that zero-credit entropy generation is useless, far
from it. It just means that we are doing it on an "it can't hurt"
basis, rather than "I know for sure that this is valuable."
-hpa
next prev parent reply other threads:[~2014-02-03 1:29 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-02 20:36 [PATCH,RFC] random: collect cpu randomness Jörn Engel
2014-02-02 21:25 ` Stephan Mueller
2014-02-03 1:24 ` Jörn Engel
2014-02-03 1:28 ` H. Peter Anvin [this message]
2014-02-03 13:36 ` Stephan Mueller
2014-02-03 1:39 ` Theodore Ts'o
2014-02-03 3:35 ` Jörn Engel
2014-02-03 12:54 ` Thorsten Glaser
2014-02-03 13:06 ` Stephan Mueller
2014-02-03 15:50 ` Jörn Engel
2014-02-03 16:37 ` Theodore Ts'o
2014-02-03 18:48 ` Jörn Engel
2014-03-23 18:00 ` [PATCH] random: mix all saved registers into entropy pool Jörn Engel
2014-02-03 21:54 ` [PATCH,RFC] random: collect cpu randomness Maciej W. Rozycki
2014-02-03 22:44 ` Theodore Ts'o
2014-02-06 22:20 ` Kees Cook
2014-02-06 22:21 ` Dave Taht
2014-02-07 7:44 ` Jörn Engel
2014-02-20 9:50 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52EEF0C9.8080002@zytor.com \
--to=hpa@zytor.com \
--cc=andrewmcgr@gmail.com \
--cc=blogic@openwrt.org \
--cc=dave.taht@gmail.com \
--cc=geert@linux-m68k.org \
--cc=joern@logfs.org \
--cc=linux-kernel@vger.kernel.org \
--cc=macro@linux-mips.org \
--cc=ralf@linux-mips.org \
--cc=smueller@chronox.de \
--cc=tg@mirbsd.de \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).