[Cryptography] cheap sources of entropy

James A. Donald Jamesd at echeque.com
Sun Feb 2 01:25:32 EST 2014

On 2014-02-02 14:27, Jerry Leichter wrote:
> No, Bill Stewart is right.  There are multiple layers of software with all kinds of buffering, queuing, operations that are kicked off by clocks at fairly long intervals (way longer than the timing variations seen in disk responses), in between.  It's highly unlikely that any low-level variation in disk response times will be visible by the time you reach the guest OS.
> There *will* be variations, but exactly what produces them, what they are correlated with, how predictable they are, would be extremely difficult to answer.  If you go back to the original paper on disk drive timing variations, you'll see careful work to figure out exactly what kinds of variations disk drive timings will produce, and then actual measurements to show that the results really match the physical models.  No one, as far as I know, has done any work like that in a virtual environment - and frankly I doubt anyone could.  The pieces are just too complicated.

The only efficient way to organize the system is for process switches to
be triggered by the arrival of data.  Fail to do that, you wind up
reading one sector per platter rotation.  If you want to read sectors as
the platter rotates, you have to do process switch on disk event, not
timer event.

If you do that, switch process on disk event, rather than the timer
event, process switches will occur at times dictated by disk drive
turbulence when a process is reading data.

Disk drive turbulence is true random and unpredictable to an adversary,
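The disagreement above (Leichter: VM layers and timer-driven scheduling smear out disk jitter; Donald: event-driven wakeups carry it) is ultimately an empirical question about a particular system, and the defender's answer is to measure before crediting anything to an entropy pool. The script below is an added example, not code from either poster. It takes a sequence of wakeup timestamps, keeps only the low bits of the inter-arrival deltas (the part where physical jitter would live), and applies the "most common value" min-entropy estimator from NIST SP 800-90B section 6.3.1. The sample timestamps are constructed: a purely timer-driven schedule, which scores zero, and a jittery one, which scores several bits per sample. The live collector `collect_read_timestamps` is an assumed helper for running the same estimate against a real device; its results on a page-cache hit are exactly the kind of "variation from software layers" the thread warns about, so feed it a file opened without caching where the platform allows it.

```python
"""Estimate how much min-entropy an event-timing source really delivers."""
import hashlib
import math
import os
import time
from collections import Counter
from typing import Iterable, List


def deltas_low_bits(timestamps_ns: Iterable[int], bits: int = 4) -> List[int]:
    """Inter-arrival deltas truncated to their low `bits` bits.

    High bits track the (predictable) mean period; only the low bits could
    carry physical jitter, so those are what get credited.
    """
    ts = list(timestamps_ns)
    mask = (1 << bits) - 1
    return [(later - earlier) & mask for earlier, later in zip(ts, ts[1:])]


def mcv_min_entropy(samples: List[int]) -> float:
    """Most-common-value estimator (NIST SP 800-90B, 6.3.1), bits per sample.

    Uses a 99% upper confidence bound on the most common symbol's probability,
    so small sample sets are penalised rather than flattered.
    """
    n = len(samples)
    if n < 2:
        raise ValueError("need at least two samples")
    p_hat = Counter(samples).most_common(1)[0][1] / n
    p_upper = min(1.0, p_hat + 2.576 * math.sqrt(p_hat * (1.0 - p_hat) / (n - 1)))
    return -math.log2(p_upper)


def periodic_timestamps(count: int, period_ns: int = 1_000_000) -> List[int]:
    """Constructed sample: wakeups driven purely by a 1 ms scheduler tick."""
    return [i * period_ns for i in range(count)]


def jittery_timestamps(count: int, period_ns: int = 1_000_000,
                       max_jitter_ns: int = 9_000) -> List[int]:
    """Constructed sample: same mean period plus deterministic pseudo-jitter.

    SHA-256 of a counter stands in for rotational/seek variation so the
    example runs offline and reproducibly; it is not a model of a real drive.
    """
    out, now = [], 0
    for i in range(count):
        digest = hashlib.sha256(i.to_bytes(4, "big")).digest()
        now += period_ns + int.from_bytes(digest[:2], "big") % max_jitter_ns
        out.append(now)
    return out


def collect_read_timestamps(path: str, reads: int = 256,
                            block: int = 4096) -> List[int]:
    """Assumed live collector: record when each pread() completes.

    Offsets are spread across the file so consecutive reads are not served
    from the same cached page. On most systems a warm file is still served
    from the page cache and carries no disk jitter at all, which is the
    failure mode discussed in the thread; measure on a cold or uncached file.
    """
    fd = os.open(path, os.O_RDONLY)
    try:
        size = os.fstat(fd).st_size
        stamps = []
        for i in range(reads):
            offset = (i * 104_729 * block) % max(size - block, 1)
            os.pread(fd, block, offset)
            stamps.append(time.perf_counter_ns())
        return stamps
    finally:
        os.close(fd)


if __name__ == "__main__":
    for label, ts in (("timer-driven", periodic_timestamps(1024)),
                      ("jittery", jittery_timestamps(1024))):
        print(f"{label:13s} {mcv_min_entropy(deltas_low_bits(ts)):.2f} bits/sample")
```

The estimator is deliberately conservative, and it only bounds what a single-symbol adversary model can predict; correlations across samples (the concern Leichter raises about clock-driven buffering) require the other SP 800-90B tests, so a high score here is a necessary, not sufficient, condition for crediting the source.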
