[Cryptography] cheap sources of entropy

Tom Mitchell mitch at niftyegg.com
Mon Feb 3 16:13:53 EST 2014


On Sat, Feb 1, 2014 at 8:27 PM, Jerry Leichter <leichter at lrw.com> wrote:

> On Feb 1, 2014, at 4:58 PM, James A. Donald wrote:
> > On 2014-02-02 06:38, Bill Stewart wrote:
> >> Definitely not.  If you're on a VM, you have 0..n virtual disk drives,
> >> which the hypervisor simulates from a datastore pool and maybe some cache.
> >
> > Underneath all that are real material disk drives, which have
> > turbulence.  n in the time that your buffer gets filled.   So just hash the
> > cpu clock into your stockpile of randomness every time that you read data
> > that is likely to need to come from disk.  And then your VM is reading real
> > randomness from real turbulence on the real disk.
>
......

> Go back to the paper that proposed using turbulence and repeat some of
> their tests in a virtual environment.  Let us know what you *actually
> observe*.
>

http://world.std.com/~dtd/random/forward.PDF


> (BTW, it's not even clear that those measurements are relevant to today's
> disk drives and adapters.


Bingo... not relevant in the presence of modern SSD and also the built in
disk buffer prefetch and more tricks of modern disks that minimize some or
all of the assumptions for spinning media.

Virtual machines are difficult if not impossible all devices and hardware
can be or need to be virtualized...

Still there are many cats and many ways to skin a cat.

One could approach this a lot like system time with a list of trusted
sources of entropy to be hashed into a local stream.    Time management
(NTP) has goals of trust and traffic minimization that have value here.
It does not take a lot of additional random data hashed into other
streams to generate a local stream that has decent quality.

I should note that open NTP sites have been the victim of DOS
amplification attacks so NTP is not perfect....

-- 
  T o m    M i t c h e l l
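
The "hash several sources into a local stream" idea from this thread, as an added example that is not part of the original post. The names `EntropyPool`, `mix`, `read`, `timed_read_sample` and `build_pool` are hypothetical, SHA-256/HMAC is an assumed choice of hash, and the "remote" sample is constructed. Mixing this way means a predictable source (disk timing on a VM or SSD, say) adds nothing but does not cancel what a good source contributed.

```python
import hashlib
import hmac
import os
import time

class EntropyPool:
    """Hash-based pool: every sample is folded into a running SHA-256 state."""

    def __init__(self):
        self._state = bytes(32)
        self._counter = 0

    def mix(self, source: str, sample: bytes) -> None:
        # Length-prefix each field so ("ab", b"c") and ("a", b"bc") hash differently.
        h = hashlib.sha256(self._state)
        for field in (source.encode(), sample):
            h.update(len(field).to_bytes(4, "big"))
            h.update(field)
        self._state = h.digest()

    def read(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self._counter += 1
            block = self._counter.to_bytes(8, "big")
            out += hmac.new(self._state, b"out" + block, hashlib.sha256).digest()
        # Ratchet so a later state compromise does not reveal earlier output.
        self._state = hmac.new(self._state, b"ratchet", hashlib.sha256).digest()
        return out[:n]

def timed_read_sample(path: str) -> bytes:
    """Time one file read in nanoseconds (the 'hash the clock on disk I/O' idea)."""
    t0 = time.perf_counter_ns()
    with open(path, "rb") as f:
        f.read(4096)
    return (time.perf_counter_ns() - t0).to_bytes(8, "big")

def build_pool(samples):
    pool = EntropyPool()
    for source, sample in samples:
        pool.mix(source, sample)
    return pool

if __name__ == "__main__":
    pool = build_pool([("os", os.urandom(32)),
                       ("io-timing", timed_read_sample(__file__)),
                       ("remote", b"constructed sample for a trusted remote source")])
    print(pool.read(16).hex())
```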