[clug] entropy

Kim Holburn kim.holburn at anu.edu.au
Sat Aug 30 11:33:56 EST 2003

At 11:10 AM +1000 2003/08/30, Martijn van Oosterhout wrote:
>On Sat, Aug 30, 2003 at 08:55:44AM +1000, Kim Holburn wrote:
>> Apparently the consensus is that you can't use the network device for
>> entropy "because an attacker might potentially control input and make it
>> non-random".  Is this possible?  I don't know.
>I've always thought this a bit strange. I'm not convinced that an attacker
>can control the timing accuratly enough to predict the very last bit of the
>CPU cycle counter which flips maybe a billion times a second. At this level
>you're talking about DRAM latency timings and whether not things are in
>cache. One bit of entropy per network packet would be enough for most
>> Anyway one option which we might use is to attach microphones and use the sound to create entropy using audio-entropyd. 
>> Has anyone else gone through something similar?
>No, though I am curious what your symptoms are because we have some servers
>like that.
>Basically, you need to find out what *does* count as entropy if network
>traffic doesn't.

There's a discussion here from the kernel group:

To quote:
>Entropy comes from 4 sources it seems: Keyboard, Mouse, Disk I/O
>and IRQs.

Anyone know what the things in /proc/sys/kernel/random/ actually do?

>If hard disks interrupts count, maybe a find / from a
>cronjob every couple of hours. That's the only easily controllable thing I
>can think of.

These servers don't actually have hard disks - they run off compact flash cards.  When we run them off hard disks the entropy is slightly better (seek times add something?)

Kim Holburn 
Network Consultant - Telecommunications Engineering
Research School of Information Sciences and Engineering
Australian National University - Ph: +61 2 61258620 M: +61 0417820641
Email: kim.holburn at anu.edu.au  - PGP Public Key on request

Life is complex - It has real and imaginary parts.
     Andrea Leistra (rec.arts.sf.written.Robert-jordan)

More information about the linux mailing list