[Cryptography] provisioning a seed for /dev/urandom

James A. Donald jamesd at echeque.com
Sun Oct 27 23:03:48 EDT 2013


> 2013/10/27 James A. Donald <jamesd at echeque.com>
>
>     Every interrupt should provide at least one bit of entropy.  There
>     should be a lot more than 128 interrupts before the hypervisor gets
>     running.


On 2013-10-28 10:19, Lodewijk andré de la porte wrote:
> I really want a formal definition of "bit of entropy". The ways it's
> being used here just don't "add up". Aren't interrupts (especially at
> startup) /pretty predictable/? Depending on the software, hardware, etc.
> I'd say you could completely simulate them! (Environment factors ruin
> the fun, but that still leaves interrupts as "water in the wine")

Unlikely that they are predictable to within one TSC cycle.

Particularly to someone who is not in physical possession of the system.

Booting up, it interacts with the network.  Network events are somewhat 
random.  Network events typically have millisecond variance; the TSC 
runs tens of thousands of times faster.

Further, when you measure the TSC against the clock, it tends to wander 
considerably, even though there is supposed to be zero variation.  So 
even within one CPU, clock skew will give you some entropy.  If the CPU 
is on a network, you are going to have a lot of skew, skew that would be 
hard to predict and control even if you instrumented the network.

