On Tue, 02 Oct 2012 19:22:40 +0200 Dag-Erling Smørgrav wrote:
> 2) I modified the program to create a histogram of the lower bits and > looked at that in gnuplot. It was immediately obvious that the > distribution is extremely non-uniform. I suspect that this is - at > least in part - due to the weird way get_cyclecount() computes the > value it returns. It doesn't compute it in a weird way for amd64 and most i386 systems. Where possible, get_cyclecount is just a wrapper for rdtsc, which I think it will be for all the systems you quoted (with the possible exception of virtualbox). I don't think one should necessarily expect the bits to get progressively more random going from high to low order. If you think in terms of simple variable analogue delays it seems reasonable, but a physical device may have its own internal timing granulation. > We should either rewrite it to return something > sensible or nuke it and use binuptime() instead. As I pointed-out before if you use binuptime() you cant use entropy estimation based on bit-shifting time differences. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
