[Cryptography] cheap sources of entropy

James A. Donald Jamesd at echeque.com
Sat Feb 1 23:02:15 EST 2014

On 2014-02-02 09:07, Theodore Ts'o wrote:
> On Sun, Feb 02, 2014 at 07:58:58AM +1000, James A. Donald wrote:
>> Underneath all that are real material disk drives, which have
>> turbulence.  The turbulence causes random and entirely unpredictable
>> timing variations, which unpredictability and variation propagate
>> all the way to the VM
> *Maybe*.  There could be enough quantization errors such that you're
> not really measuring this.

But there are not.

To introduce a quantization error in timing, would need to delay in an 
idle loop until the counter reached a round number. This slows stuff 
down for no good reason.

Just as to suppress thermal noise in a microphone input reduces sound 
quality for no good reason.

 > Consider what might happen if the VMs are being scheduled by the host OS
 > with a scheduling quantum measured in 10's of milliseconds

Your VM is scheduled.  It attempts to read something from disk. That 
part of the disk has not yet been read into memory and cached. Your VM 
immediately gets idled.  Another VM gets woken from idle.

Disk read completes at a time that depends on disk turbulence.  The real 
machine now has to do something with the data.  Letting it pile up to 
the next scheduling quantum is going to result in the disk head passing 
over the next disk sector, resulting in a painfully slow read.  So, 
unless your real machine is crazy inefficient, it is going to 
immediately wake the consumer of the data at a time that depends on disk 
turbulence, in the hope that it can read sectors sequentially as the 
platter spins.

More information about the cryptography mailing list