[Cryptography] cheap sources of entropy

Ben Laurie ben at links.org
Mon Feb 3 17:28:15 EST 2014


HOLY CRAP! Enough of the rhetoric. Has anyone measured anything, or is
this all opinion?

On 3 February 2014 21:13, Tom Mitchell <mitch at niftyegg.com> wrote:
>
> On Sat, Feb 1, 2014 at 8:27 PM, Jerry Leichter <leichter at lrw.com> wrote:
>>
>> On Feb 1, 2014, at 4:58 PM, James A. Donald wrote:
>> > On 2014-02-02 06:38, Bill Stewart wrote:
>> >> Definitely not.  If you're on a VM, you have 0..n virtual disk drives,
>> >> which the hypervisor simulates from a datastore pool and maybe some cache.
>> >
>> > Underneath all that are real material disk drives, which have
>> > turbulence.  n in the time that your buffer gets filled.   So just hash the
>> > cpu clock into your stockpile of randomness every time that you read data
>> > that is likely to need to come from disk.  And then your VM is reading real
>> > randomness from real turbulence on the real disk.
>
> ......
>>
>> Go back to the paper that proposed using turbulence and repeat some of
>> their tests in a virtual environment.  Let us know what you *actually
>> observe*.
>
>
> http://world.std.com/~dtd/random/forward.PDF
>
>>
>> (BTW, it's not even clear that those measurements are relevant to today's
>> disk drives and adapters.
>
>
> Bingo... not relevant in the presence of modern SSD and also the built in
> disk buffer prefetch and more tricks of modern disks that minimize some or
> all of the assumptions for spinning media.
>
> Virtual machines are difficult if not impossible all devices and hardware
> can be or need to be virtualized...
>
> Still there are many cats and many ways to skin a cat.
>
> One could approach this a lot like system time with a list of trusted
> sources of entropy to be hashed into a local stream.    Time management
> (NTP) has goals of trust and traffic minimization that have value here.
> It does not take a lot of additional random data hashed into other
> streams to generate a local stream that has decent quality.
>
> I should note that open NTP sites have been the victim of DOS
> amplification attacks so NTP is not perfect....
>
> --
>   T o m    M i t c h e l l
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
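
One way to put a number on the question asked at the top of this message, as an added example that is not part of the original thread: time a series of file reads, keep the low bits of each elapsed time, and apply the most-common-value min-entropy estimate from NIST SP 800-90B section 6.3.1. The function names, the 8-bit truncation and the temporary-file workload are assumptions made for illustration.

```python
import math
import os
import tempfile
import time
from collections import Counter


def mcv_min_entropy(samples):
    """Most-common-value min-entropy estimate in bits per sample."""
    n = len(samples)
    if n < 2:
        raise ValueError("need at least two samples")
    p_hat = Counter(samples).most_common(1)[0][1] / n
    # Upper end of the 99% confidence interval on the most likely value.
    p_u = min(1.0, p_hat + 2.576 * math.sqrt(p_hat * (1 - p_hat) / (n - 1)))
    return -math.log2(p_u)


def read_timing_deltas(path, count, block=4096, keep_bits=8):
    """Time `count` unbuffered reads; keep the low bits of each duration (ns)."""
    span = max(os.path.getsize(path) - block, 1)
    mask = (1 << keep_bits) - 1
    deltas = []
    with open(path, "rb", buffering=0) as f:
        for i in range(count):
            f.seek((i * 7919 * block) % span)  # scattered offsets
            t0 = time.perf_counter_ns()
            f.read(block)
            deltas.append((time.perf_counter_ns() - t0) & mask)
    return deltas


def measure(count=2000):
    """Estimate bits/sample for reads of a freshly written 1 MiB temp file.

    The file will almost certainly be served from the page cache, so this
    measures CPU and syscall jitter, not disk turbulence. Point
    read_timing_deltas() at an uncached device to test the disk claim.
    """
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(os.urandom(1 << 20))
    try:
        return mcv_min_entropy(read_timing_deltas(tmp.name, count))
    finally:
        os.unlink(tmp.name)


if __name__ == "__main__":
    print(f"MCV estimate: {measure():.2f} bits per 8-bit timing sample")
```

The estimate assumes independent samples, which timing data rarely are, so read it as an optimistic ceiling and compare runs on bare metal, in a VM and on an SSD before crediting any entropy.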

