Collecting entropy from device_attach() times.

Ben Laurie benl at freebsd.org
Tue Sep 25 09:05:03 UTC 2012 

On Tue, Sep 25, 2012 at 6:32 AM, Pawel Jakub Dawidek <pjd at freebsd.org> wrote:
> On Tue, Sep 25, 2012 at 12:10:13AM +0200, Mariusz Gromada wrote:
>> W dniu 2012-09-24 23:56, Mariusz Gromada pisze:
>>
>> > Ok, finally I have some formal results. To be completely honest I need
>> > to point out that, in fact, we have a discrete data (for example
>> > integers 0, 1, ..., 63, but not continues numbers spread across 0 and
>> > 63). That is way  I am going to use two sample Kolmogorov-Smirnov test.
>>
>> Another clarification is needed. KS test in general (and in theory)
>> should be used for continuous distributions. But in our case we can
>> easily say that we observe our distribution in integers only (rounding),
>> and the whole rest is easily estimated.
>
> Thanks a lot!
>
> To the list:
>
> phk@ asked me privately to check if there is no correclation between
> consecutive device_attach() calls during single boot.
>
> For example each device_attach() separately can yield great entropy in
> every tests, but all those calls combined might be somehow related, ie.
> during one boot all calls take a bit longer and in another boot all
> calls take a bit less, which could decrease total entropy we should
> estimate out of it.
>
> I created dummy driver which was registering three dummy drivers, so it
> was provoking three device_attach() calls on every kldload. Mariusz
> verified the observations and there was no correlation between the
> times.

Sorry to those that are bored, but ... what was the methodology?

> I believe everyone is bored at this point, so I'd like to propose a way
> forward:
>
> I'll perform one more test with CPU clock speed reduced as much as it
> can be and see if rejecting 7 top bits is still fine. If it is, I'd like
> to commit my patch. I was wondering if I should hide it under
> #ifdef __amd64__, but the only risk in having it on all platforms is
> eventually being overestimating available entropy, which is bad, but I
> think better than not providing any entropy this method. On the other
> hand having it on one or two platforms only would maybe motivate people
> to verify it on other platforms.
>
> --
> Pawel Jakub Dawidek                       http://www.wheelsystems.com
> FreeBSD committer                         http://www.FreeBSD.org
> Am I Evil? Yes, I Am!                     http://tupytaj.pl

More information about the freebsd-security mailing list