On Wednesday, 19 September 2012 at 20:47, Ben Laurie wrote:
> Erring on the side of underestimation is wise here.
I agree wholeheartedly, but underestimation means "calculating the correct
value and then applying a safety factor" rather than "picking an arbitrary
number and hoping it's low eno
On Wed, Sep 19, 2012 at 09:29:23PM +0200, Pawel Jakub Dawidek wrote:
Here's what the distribution looks like for device_attach() times of my
sound card. The times were 26-bit numbers, so this is after discarding
top ten bits, which leaves us with 16 lower bits of pure entropy:)
http://people.freeb
On Wed, Sep 19, 2012 at 03:34:59PM -0700, David O'Brien (@FreeBSD) wrote:
> On Tue, Sep 18, 2012 at 11:14:22PM +0200, Pawel Jakub Dawidek wrote:
> > I experimented a bit with collecting entropy from the time it takes for
> > device_attach() to run (in CPU cycles). It seems that those times have
> >
On Wed, Sep 19, 2012 at 03:34:59PM -0700, David O'Brien (@FreeBSD) wrote:
> Index: sys/sys/random.h
> @@ -57,6 +58,7 @@ struct harvest_select {
> int point_to_point;
> int interrupt;
> int swi;
> + int device;
> };
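Review bot: the added `int device;` member at the end of struct harvest_select has no comment saying which event it enables harvesting for, and unlike `interrupt` and `swi` the name does not identify the entropy source. Add a one-line comment on the member, or choose a name that states the harvested event.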
Should be "int devprobe".
__
On Tue, Sep 18, 2012 at 11:14:22PM +0200, Pawel Jakub Dawidek wrote:
> I experimented a bit with collecting entropy from the time it takes for
> device_attach() to run (in CPU cycles). It seems that those times have
> enough variation that we can use it for entropy harvesting. It happens
> even bef
On Wed, 19 Sep 2012 22:53:32 +0200
Pawel Jakub Dawidek wrote:
> Here's what the distribution looks like for device_attach() times of my
> sound card. The times were 26-bit numbers, so this is after discarding
> top ten bits, which leaves us with 16 lower bits of pure entropy:)
>
> http://peop
On Sun, Sep 16, 2012 at 05:21:21PM +0100, Mark Murray wrote:
> Tweaks along the way may include reverting to the original intent of
> starting the PRNG blocked, and only unblocking once reseeded.
I hope I'm testing this incorrectly, but I think we've managed to break
this over the years.
1. Putti
On Wed, Sep 19, 2012 at 09:29:23PM +0200, Pawel Jakub Dawidek wrote:
> On Wed, Sep 19, 2012 at 07:30:52PM +0100, Jonathan Anderson wrote:
> > > If all the times are more or less equally probable in this range […]
> >
> > They're very unlikely to be equally probable. It would make sense to do
> >
On Sun, Sep 16, 2012 at 05:21:21PM +0100, Mark Murray wrote:
> Part 1 of the fix is enclosed; it involves drastically shortening the
> input into /dev/random (the "kickstart") at boot time. There are time
> implications that I'd like to hear any objections to.
...
> better_than_nothing()
> {
> -
On Wed, 19 Sep 2012 20:59:15 +0100
Ben Laurie wrote:
> On Wed, Sep 19, 2012 at 8:29 PM, Pawel Jakub Dawidek
> wrote:
> > On Wed, Sep 19, 2012 at 07:30:52PM +0100, Jonathan Anderson wrote:
> >> > If all the times are more or less equally probable in this range
> >> > […]
> >>
> >> They're very unl
On Wed, Sep 19, 2012 at 08:59:15PM +0100, Ben Laurie wrote:
> On Wed, Sep 19, 2012 at 8:29 PM, Pawel Jakub Dawidek wrote:
> > On Wed, Sep 19, 2012 at 07:30:52PM +0100, Jonathan Anderson wrote:
> >> > If all the times are more or less equally probable in this range […]
> >>
> >> They're very unlike
On Wed, Sep 19, 2012 at 8:29 PM, Pawel Jakub Dawidek wrote:
> On Wed, Sep 19, 2012 at 07:30:52PM +0100, Jonathan Anderson wrote:
>> > If all the times are more or less equally probable in this range […]
>>
>> They're very unlikely to be equally probable. It would make sense to do some
>> characte
On Wed, Sep 19, 2012 at 07:30:52PM +0100, Jonathan Anderson wrote:
> > If all the times are more or less equally probable in this range […]
>
> They're very unlikely to be equally probable. It would make sense to do some
> characterization of these times and their statistics: a highly non-uniform
On Wed, Sep 19, 2012 at 7:30 PM, Jonathan Anderson
wrote:
> On Tuesday, 18 September 2012 at 22:14, Pawel Jakub Dawidek wrote:
>> […] we have more
>> than 19 bits of entropy from this one call, but I reduced it to four
>> bits only, because there are devices that are much faster to attach.
>>
>
>
On Tuesday, 18 September 2012 at 22:14, Pawel Jakub Dawidek wrote:
> I experimented a bit with collecting entropy from the time it takes for
> device_attach() to run (in CPU cycles). It seems that those times have
> enough variation that we can use it for entropy harvesting. It happens
> even befor
On Tue, 18 Sep 2012 23:14:22 +0200
Pawel Jakub Dawidek wrote:
> Hi.
>
> The patch is here:
>
> http://people.freebsd.org/~pjd/patches/harvest_device_attach.patch
>
> Comments?
>
+ attachtime = get_cyclecount() - attachtime;
the above line is redundant since random_harvest() alre
On Wed, 19 Sep 2012 17:28:46 +0200
Dag-Erling Smørgrav wrote:
> I would also suggest modifying yarrow to block reseeding as long as
> possible, ideally right up until the first time something asks for a
> random number, since reseeding throws away all accumulated entropy.
reseeding doesn't thro
Pawel Jakub Dawidek writes:
> I experimented a bit with collecting entropy from the time it takes for
> device_attach() to run (in CPU cycles). It seems that those times have
> enough variation that we can use it for entropy harvesting. It happens
> even before root is mounted, so pretty early.
E
18 matches