On Tue, Sep 25, 2012 at 6:32 AM, Pawel Jakub Dawidek <pjd@freebsd.org> wrote:
> On Tue, Sep 25, 2012 at 12:10:13AM +0200, Mariusz Gromada wrote:
>> On 2012-09-24 23:56, Mariusz Gromada wrote:
>>
>> > Ok, finally I have some formal results. To be completely honest I need
>> > to point out that, in fact, we have discrete data (for example
>> > integers 0, 1, ..., 63, but not continuous numbers spread across 0 and
>> > 63). That is why I am going to use a two-sample Kolmogorov-Smirnov test.
>>
>> Another clarification is needed. KS test in general (and in theory)
>> should be used for continuous distributions. But in our case we can
>> easily say that we observe our distribution in integers only (rounding),
>> and the whole rest is easily estimated.
>
> Thanks a lot!
>
> To the list:
>
> phk@ asked me privately to check if there is no correlation between
> consecutive device_attach() calls during single boot.
>
> For example each device_attach() separately can yield great entropy in
> every test, but all those calls combined might be somehow related, ie.
> during one boot all calls take a bit longer and in another boot all
> calls take a bit less, which could decrease total entropy we should
> estimate out of it.
>
> I created a dummy driver which was registering three dummy drivers, so it
> was provoking three device_attach() calls on every kldload. Mariusz
> verified the observations and there was no correlation between the
> times.

Sorry to those that are bored, but ... what was the methodology?

> I believe everyone is bored at this point, so I'd like to propose a way
> forward:
>
> I'll perform one more test with CPU clock speed reduced as much as it
> can be and see if rejecting 7 top bits is still fine. If it is, I'd like
> to commit my patch. I was wondering if I should hide it under
> #ifdef __amd64__, but the only risk in having it on all platforms is
> eventually overestimating available entropy, which is bad, but I
> think better than not providing any entropy this method. On the other
> hand having it on one or two platforms only would maybe motivate people
> to verify it on other platforms.
>
> --
> Pawel Jakub Dawidek                       http://www.wheelsystems.com
> FreeBSD committer                         http://www.FreeBSD.org
> Am I Evil? Yes, I Am!                     http://tupytaj.pl
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
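
The two checks discussed in this thread, as an added example that is not part of the original messages and not the methodology used there (the thread does not state it): a two-sample Kolmogorov-Smirnov statistic over integer samples 0..63, and a Pearson correlation between the first two device_attach() timings of each kldload. The timing data is constructed, and the function names, the per-load drift model and the 0.05 significance level are assumptions.

```python
import bisect
import math
import random

def ks_two_sample(a, b):
    """Two-sample KS statistic: largest gap between the two empirical CDFs."""
    sa, sb = sorted(a), sorted(b)
    return max(abs(bisect.bisect_right(sa, x) / len(sa) -
                   bisect.bisect_right(sb, x) / len(sb))
               for x in set(sa) | set(sb))

def ks_critical(n, m, c_alpha=1.358):
    """Large-sample rejection threshold for D; c_alpha = 1.358 is alpha = 0.05."""
    return c_alpha * math.sqrt((n + m) / (n * m))

def pearson(x, y):
    """Sample correlation between paired observations."""
    mx, my = sum(x) / len(x), sum(y) / len(y)
    cov = sum((p - mx) * (q - my) for p, q in zip(x, y))
    var_x = sum((p - mx) ** 2 for p in x)
    var_y = sum((q - my) ** 2 for q in y)
    return cov / math.sqrt(var_x * var_y)

def simulate(loads, shared_drift, rng):
    """Constructed data: three attach timings (integers 0..63) per kldload.
    With shared_drift, one per-load offset is added to all three calls."""
    rows = []
    for _ in range(loads):
        if shared_drift:
            drift = rng.randrange(32)
            rows.append([drift + rng.randrange(32) for _ in range(3)])
        else:
            rows.append([rng.randrange(64) for _ in range(3)])
    return rows

def report(rows):
    """Return (D for call 0, first vs second half of loads; threshold; r of call 0 vs call 1)."""
    first = [r[0] for r in rows]
    half = len(first) // 2
    d = ks_two_sample(first[:half], first[half:])
    return d, ks_critical(half, len(first) - half), pearson(first, [r[1] for r in rows])

if __name__ == "__main__":
    rng = random.Random(2012)  # fixed seed so the run is repeatable
    for drift in (False, True):
        d, crit, r = report(simulate(3000, drift, rng))
        print(f"shared_drift={drift}: D={d:.3f} (reject above {crit:.3f}), r={r:+.3f}")
```

With shared drift, the per-call KS comparison still finds no difference between the two halves, while r between calls in the same load moves well away from zero. Because the samples are integers with many ties, the continuous-distribution threshold used here is conservative.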