CPRNGs are still an issue.

Joachim Strömbergson Joachim at Strombergson.com
Mon Dec 15 14:28:22 EST 2008


Aloha!

Damien Miller wrote:
> On Thu, 11 Dec 2008, James A. Donald wrote:
> 
>> If one uses a higher resolution counter - sub
>> microsecond - and times multiple disk accesses, one gets
>> true physical randomness, since disk access times are
>> effected by turbulence, which is physically true
>> random.
> 
> Until someone runs your software on a SSD instead of a HDD. Oops.

That is a very good observation. I would bet loads of GM stocks that
very few people realise that moving from 0ld sk00l HDD to SSD would
affect their entropy sources. Does anybode have any idea if this has
been discussed among OS Dev groups?

One could probably do a similar comparison to the increasingly popular
idea of building virtual LANs to connect your virtualized server running
on the same physical host. Ethernet frame reception time variance as
well as other real physical events should take a hit when moving into
the virtualization domain. After all, replacing physical stuff with SW
is the whole point of virtualization.

Does anybody know what VMware, Parallels etc do to support entropy for
sources like this, or is it basically a forgotten/skipped/ignored feature?

--
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
Kryptoblog - IT-säkerhet på svenska
http://www.strombergson.com/kryptoblog
========================================================================
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list