[Cryptography] cheap sources of entropy

Sat Feb 1 15:38:11 EST 2014

At 02:33 PM 1/31/2014, James A. Donald wrote:
>If you are on a VM, probably have a disk drive with turbulence.

Definitely not.  If you're on a VM, you have 0..n virtual disk 
drives, which the hypervisor simulates from a datastore pool and 
maybe some cache.  You don't get any access to the real device, even 
though the hardware drivers look like they're talking to a disk.

>If you do not have a disk drive with turbulence, probably have your 
>own microphone and video input.

Most shared servers that are running virtual machines images don't 
have physical sound cards, and they may have a few shareable USB 
ports but they typically won't have video cameras plugged into 
them.  There might be a sound card built into the chipset, but you 
typically don't have access to it.  For instance, when I look at the 
Virtual Machine Settings for my VMware box at work, it doesn't even 
have the option for attaching a virtual sound card to the VM.

The exception is cases like VMware Player running on your desktop, 
which probably can access most of your actual hardware, or virtual 
machines running on mobile phones(because yeah, that's a thing these 
days), which may have lots of toys handy, but your typical web server 
running on an Amazon cloud instance isn't going to have any of those 
things available.  You're probably also not going to be able to log 
in to the VM's console and wave a mouse around (and doing an X 
Windows session isn't going to happen until after ssh has already 
been initialized.)

>So, get microphone input and clock skew and network events and disk 
>drive turbulence and hash them all together.  One of them is bound 
>to work.  The class of machines on which one of these fails is 
>different from the class of machines on which another of them fails.

Even network events are pretty sparse on a vSwitch, compared to the 
constant blather that real ethernet ports typically see.  There isn't 
all that spanning tree noise, maybe you get some ARP broadcasts, but 
only from your other VMs on the same server cluster, vanilla users 
don't have the permissions to set the vSwitch port to promiscuous receive.

"If you don't like the noise, go make some of your own", i.e. you'll 
have to start sending out traffic to known or unknown places and 
using low-level timing of the responses (and even that's not going to 
be as independent as you'd like, since it'll be correlated with the 
granularity of when the hypervisor gives you some CPU cycles), and of 
course all of that traffic is theoretically independently observable, 
not that that's too credible a threat.