From: Jeff Garzik <jeff@garzik.org>
To: Will Newton <will.newton@gmail.com>
Cc: Lennart Sorensen <lsorense@csclub.uwaterloo.ca>,
"Kok, Auke" <auke-jan.h.kok@intel.com>,
Rick Jones <rick.jones2@hp.com>,
"Brandeburg, Jesse" <jesse.brandeburg@intel.com>,
Alan Cox <alan@lxorguk.ukuu.org.uk>,
Chris Peterson <cpeterso@cpeterso.com>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] drivers/net: remove network drivers' last few uses of IRQF_SAMPLE_RANDOM
Date: Fri, 16 May 2008 10:27:40 -0400
Message-ID: <482D99DC.7040501@garzik.org>
In-Reply-To: <87a5b0800805160659j1e8482efjea2fb8167f755e05@mail.gmail.com>

Will Newton wrote:
> On Fri, May 16, 2008 at 2:40 PM, Jeff Garzik <jeff@garzik.org> wrote:
>> Lennart Sorensen wrote:
>>> On Thu, May 15, 2008 at 03:21:49PM -0400, Jeff Garzik wrote:
>>>> "no other form of entropy"? See examples in this thread.
>>> So where does one get entropy if not the ethernet adapter on many
>>> embedded systems? If you have no mouse, no keyboard, no hardware number
>>> generator, just ethernet ports and a serial console that usually
>>> receives no input. While ethernet might not be preferable if you have
>>> something else, sometimes you really don't have anything else.
>> Already answered in this thread... EGD illustrates how many sources of
>> entropy remain, even in the example you just gave.
>>
>> Further, you do not want to rely on entropy from a source that declines just
>> as network traffic increases.
>
> I don't know egd that well, but from a cursory look it gets data from
> such things as w or last (wtmp) which is static on most embedded
> boxes.

Inevitably some of the local-machine entropy sources will be static or
externally influenced. That's the whole point of using several. If
using one source was sufficient... we would just use that one and be
done with it. :)

The questions to ask are

* is this collective snapshot of local machine state sufficiently unique?
* is this local-machine state externally controllable within realistic
  orders of complexity?

> It also uses netstat and snmp - surely this is at least as easy
> to manipulate as interrupt timings?

netstat reflects local machine state of all sockets, including local
ones, and including local details like tcp in-q and out-q. snmp can
query MIBs such as ethernet wire stats, gaining entropy from
pause/collision/etc. frame statistics.

A set of mitigated network interrupt events is far, far more predictable
and controllable than the collective state of a machine's network
sockets, or the electrical state of the ethernet LAN link.

For network-interrupt randomness to be subverted in some cases, one
might need only to increase overall network traffic to a certain level.

	Jeff
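
The multi-source argument in the message above, as an added sketch that is not part of the original e-mail and is not EGD's code: several local-state snapshots are hashed into one pool, and the two questions from the message are checked against them. The function names, source names and snapshot contents are all constructed for illustration.

```python
import hashlib

def mix(pool, sources):
    """Fold one snapshot of every source into the pool with SHA-256."""
    h = hashlib.sha256(pool)
    for name in sorted(sources):
        # Length-prefix each field so source boundaries are unambiguous.
        for field in (name.encode(), sources[name]):
            h.update(len(field).to_bytes(4, "big"))
            h.update(field)
    return h.digest()

def changed_sources(prev, cur):
    """Question 1: which sources made this snapshot differ from the last?"""
    return sorted(n for n in cur if prev.get(n) != cur[n])

def no_uncontrolled_variation(snapshots, controlled):
    """Question 2: True if every source that varied across the snapshots
    is one an outside party is assumed to control (hypothetical model)."""
    varying = set()
    for prev, cur in zip(snapshots, snapshots[1:]):
        varying.update(changed_sources(prev, cur))
    return varying <= set(controlled)

# Constructed sample snapshots (not captured from a real machine).
SNAP_A = {
    "w": b"root ttyS0 - 09:01 0.00s -sh",  # static on an embedded box
    "netstat": b"tcp 0 0 10.0.0.5:22 10.0.0.9:51514 ESTABLISHED",
    "snmp_if": b"pauseFrames=12 collisions=3 fcsErrors=0",
}
SNAP_B = dict(
    SNAP_A,
    netstat=b"tcp 312 48 10.0.0.5:22 10.0.0.9:51514 ESTABLISHED",
    snmp_if=b"pauseFrames=15 collisions=3 fcsErrors=1",
)

if __name__ == "__main__":
    pool = bytes(32)
    # The static "w" source adds nothing, but does no harm either.
    print("changed:", changed_sources(SNAP_A, SNAP_B))
    print("pool differs:", mix(pool, SNAP_A) != mix(pool, SNAP_B))
    # If only snmp_if is externally influenced, netstat still varies.
    print("fully controlled:",
          no_uncontrolled_variation([SNAP_A, SNAP_B], {"snmp_if"}))
```
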