[clug] entropy
Kim Holburn
kim.holburn at anu.edu.au
Sat Aug 30 11:33:56 EST 2003
At 11:10 AM +1000 2003/08/30, Martijn van Oosterhout wrote:
>On Sat, Aug 30, 2003 at 08:55:44AM +1000, Kim Holburn wrote:
>> Apparently the consensus is that you can't use the network device for
>> entropy "because an attacker might potentially control input and make it
>> non-random". Is this possible? I don't know.
>
>I've always thought this a bit strange. I'm not convinced that an attacker
>can control the timing accuratly enough to predict the very last bit of the
>CPU cycle counter which flips maybe a billion times a second. At this level
>you're talking about DRAM latency timings and whether not things are in
>cache. One bit of entropy per network packet would be enough for most
>things.
>
>> Anyway one option which we might use is to attach microphones and use the sound to create entropy using audio-entropyd.
>>
>> Has anyone else gone through something similar?
>
>No, though I am curious what your symptoms are because we have some servers
>like that.
>
>Basically, you need to find out what *does* count as entropy if network
>traffic doesn't.
There's a discussion here from the kernel group:
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&frame=right&th=ca8d072c84d4e58&seekm=listgate20010409064003%247e55%40attila.bofh.it
To quote:
>Entropy comes from 4 sources it seems: Keyboard, Mouse, Disk I/O
>and IRQs.
Anyone know what the things in /proc/sys/kernel/random/ actually do?
>If hard disks interrupts count, maybe a find / from a
>cronjob every couple of hours. That's the only easily controllable thing I
>can think of.
These servers don't actually have hard disks - they run off compact flash cards. When we run them off hard disks the entropy is slightly better (seek times add something?)
Kim
--
--
Kim Holburn
Network Consultant - Telecommunications Engineering
Research School of Information Sciences and Engineering
Australian National University - Ph: +61 2 61258620 M: +61 0417820641
Email: kim.holburn at anu.edu.au - PGP Public Key on request
Life is complex - It has real and imaginary parts.
Andrea Leistra (rec.arts.sf.written.Robert-jordan)
More information about the linux
mailing list